Владельцы устройств на Android 11 и выше в скором времени должны будут получить обновление от своих вендоров.

Хакеры Kimsuky из тени следят за реакцией мира на деятельность страны.

Сегодня в сеть утекли данные клиентов интернет-магазина book24.ru и магазина матрасов «Аскона».

Физики решили математическую загадку кварков и глюонов в ядерном веществеAlexander AntipovФизики из США и Китая разработали новый метод для вычисления свойств кварков и глюонов в ядерном веществе, которое образуется при высоких температурах и плотностях.

Квантовая хромодинамика (КХД) — это теория, которая описывает сильное взаимодействие и динамику кварков и глюонов.

Однако вычисление свойств кварков и глюонов в ядерном веществе — это сложная задача, которая требует больших вычислительных ресурсов.

Они использовали метод называемый «контурная деформация», который позволяет перевести интегралы по многомерному пространству кварков и глюонов в интегралы по одномерному контуру на комплексной пл…

По мнению регулятора, компания незаконно торговала ценными бумагами и предлагала своим клиентам стейкинг без регистрации.

Выявленные приложения весьма оригинально маскируется на целевом устройстве, и далеко не каждый пользователь сможет их найти.

Доступ к панели инструментов приложения потенциально раскрывает личные данные более 500 тыс. пользователей.

Скрытый троян использует PowerShell и WMI для компрометации и дальнейшего функционирования.

Злоумышленники выложили в сеть данные более трех миллионов покупателей.

Всё больше зловредных программ работают как сервис, существенно снижая входной порог в сферу киберпреступности.

Состояние рынка систем виртуализации в РоссииСистемы виртуализации до и после 2022 годаВ начале дискуссии Антон Жбанков предложил экспертам дать определение виртуализации и рассказать о том, что сейчас происходит на российском рынке в соответствующем сегменте.

Рынок же российских систем виртуализации сформировался задолго до специальной военной операции, так что в 2022 г. было уже из чего выбирать.

Дело вовсе не в том, что зарубежное лучше отечественного, а в том, что зарубежные продукты разрабатывались гораздо дольше и с гораздо большим объёмом вложений, нежели российские.

По результатам опроса зрителей AM Live, 25 % респондентов применяют решения по виртуализации для решения инфраструктур…

Тёмная сторона вселенной (darkverse)Если для интернета есть даркнет, то и для метавселенной будет «darkverse».

Это, в свою очередь, может сделать активы с NFT-метками в метавселенной более привлекательными для злоумышленников — например, в качестве цели для вредоносного шифрования.

Могут оказаться бесполезными и цифровые двойники, и резервные мощности, и NFT, и другие будущие средства защиты.

Всё это содержит огромное количество общеизвестных уязвимостей, что с учётом масштабов позволит хакерам применять количество векторов атак, стремящееся к бесконечности.

При этом средства защиты для метавселенных тоже станут объектами атаки и породят свои риски и недопустимые события.

Гипотеза, выдвинутая Elevate Security, состояла в том, что в компаниях существуют группы сотрудников, характер действий которых создаёт наибольший риск с точки зрения различных кибератак.

Соответственно, нужно было выделить эти группы пользователей по каким-либо характерным признакам.

Опытным путём были найдены эти пороговые значения, по которым в Elevate Security предлагают относить людей к категории «пользователей высокого уровня риска» (high risk user).

Отметим, что это — результаты опытных исследований и к ним следует относиться с должной осторожностью.

ИИ и автоматизация, развитие программных средств оценки склонности пользователей к совершению тех или иных рискованных операций могут п…

Для того чтобы защититься от этой угрозы, необходимо постоянно осуществлять контроль качества данных, защиту стимулов от изменений и валидацию входных данных.

Для того чтобы затруднить реализацию подобных атак, рекомендуется применять защиту от вредоносных программ и регулярно обновлять программное обеспечение чат-ботов и языковых моделей.

Помимо использования технических мер защиты, не менее важно обучать персонал, который работает с чат-ботами и языковыми моделями, правилам безопасности и методам защиты от атак.

Регулярное проведение тренингов и семинаров позволит повысить уровень осведомлённости и готовности к действиям в случае возникновения угрозы безопасности.

Для защиты от них важно …

Безусловно, управлять сервером, который находится в домене, намного проще, однако «Лаборатория Касперского» советует устройства с KSC в домен не включать.

Точки распространенияДалее нужно нажать на стрелочку и в выпадающем списке выбрать «Добавить шлюз соединений, находящийся в демилитаризованной зоне, по адресу».

Свойства шлюза соединенияПоследний этап — отключить в политике агента флажок «Использовать UDP-порт» либо создать новую политику и в ней не включать этот флажок.

Вы можете прислать нам вопросы по KSC и KES на любые темы, самые интересные мы разберём и озвучим на вебинаре!

Вопросы вы можете отправлять по адресу [email protected] c темой «Вебинар по KSC».

И автоматизация — это способ дать им время, чтобы сделать нашу компанию лучше.

Эксперты выделили категории работников, которым необходима автоматизация в том или ином виде.

Схожая ситуация — и с теми компаниями, которые смогли автоматизировать все процессы: в 2022 г. их было 6 %, а в 2023 г. стало 5 %.

Тех же, кто против автоматизации, в 2023 г. оказалось почти в три раза больше — 11 % против 4 % в 2022 г.Рисунок 2.

В кибербезопасности мы должны переходить не в продажи автоматизации, а в продажи её результата.

Результатом стал запрет на использование чипов Micron в инфраструктурах объектов КИИ в Китае.

Почему запрет чипов Micron важен и для РоссииДействительно ли опасность чипов Micron для КИИ настолько велика, что требует ввода серьёзных ограничений?

Отметим также, что согласно опубликованным данным чипы Micron есть и в российской технике, в том числе военного назначения.

Поэтому результаты проведённого китайской стороной исследования относительно чипов Micron актуальны и для России.

ВыводыЗапрет на поставку чипов Micron в КНР можно назвать первым жёстким ответом Китая на ограничительные меры, вводимые в его адрес со стороны США.

Рынок систем управления уязвимостями в РоссииЧто такое Vulnerability ManagementПавел Попов:— Сканер уязвимости не равен процессу управления уязвимостями.

Павел Попов, лидер практики продуктов для управления уязвимостями и мониторинга ИБ, Positive TechnologiesВладимир Михайлов:— Прежде всего в компании нужно осознать, что этим надо заниматься.

Павел Загуменнов:— Процесс управления уязвимостями начинается даже не с обнаружения самих уязвимостей, он должен начинаться с инвентаризации активов.

И процесс управления изменениями, патч-менеджмент и управление активами — это то, что должно быть перед тем, как вы займётесь управлением уязвимостями.

Валерий Ледовской:— Я считаю, что в ближайшие годы т…

Следует перезагружать все компьютеры, смартфоны, маршрутизаторы, подключаемые к домашней сети, не реже одного раза в неделю.

Перед решением задач по администрированию важно убедиться, что доступ к сети ограничен внутренним периметром.

Полезно раз в квартал проверять настройки безопасности собственного аккаунта в социальной сети и список подключённых приложений.

А вот скрывать идентификатор беспроводной сети (SSID) не имеет смысла: это не повышает её безопасности, но может затруднить подключение новых устройств.

Рекомендуется создать отдельную учётную запись гостя, чтобы отделить гостевой трафик от сегмента домашней сети, в которой работают доверенные и частные (private) устройства.

Нехватка квалифицированных кадров в сфере информационной безопасности становится серьёзной проблемой для компаний в условиях современной цифровой экономики.

О том, как компании получить в штат лучших ИБ-специалистов на рынке и обеспечить защиту своего бизнеса от цифровых угроз, подробнее расскажем в этой статье.

Более 70 % студентов, успешно прошедших стажировку, получают предложение продолжить своё карьерное развитие в компании заказчика.

Профессиональная переподготовка в области информационной безопасности является ключевым фактором в борьбе с киберугрозами и гарантирует компаниям высокий уровень защищённости в эпоху цифровых угроз.

Это поможет снизить внутренний риск информационных утече…

В то же время, в 2022 году ФБР не проводило крупных пакетных проверок граждан страны с расследованием угроз для национальной безопасности.

Как показывает опубликованная статистика, количество проверок со стороны ФБР в отношении граждан США снизилось в 2022 году в семь раз по сравнению с 2020 годом и в 25 раз по сравнению с 2021 годом.

Расследования в отношении граждан СШАРегламент расследований в отношении граждан США описан в разделах 703 и 704 закона FISA 1978 года.

В новом отчёте отражена информация о выданных судебных ордерах в 2022 году и о количестве подозреваемых, по которым проводились проверки.

Число подозреваемых на территории США и их гражданствоРасследования в отношении иностран…

Фактически это означает, что в NGFW можно не только делить пакеты на безопасные и небезопасные, но и оценивать их содержимое.

Новые инструменты в составе UserGate NGFW 7.0Дополнительные опции для NGFWРешения класса NGFW применяются в самых различных компаниях.

Вокруг NGFW на рынке формируется множество дополнительных SaaS-приложений, которые позволяют дооснастить функциональный набор базового NGFW-решения новыми, порой критически важными опциями.

UserGate собрала все свои инструменты в единую экосистему SUMMAВыводыМы перечислили основные признаки, по которым можно отличить настоящий современный NGFW от традиционных файрволов.

В качестве примера мы использовали UserGate NGFW, входящий в сост…

Ответы на эти и другие вопросы ищите в сравнении экосистем продуктов и сервисов российского рынка информационной безопасности.

Экосистема продуктов и сервисов компании «МегаФон»Компания «МегаФон» строит свою экосистему по модели «Security-as-a-Service» (SecaaS), предлагая портфель решений в сфере информационной безопасности на базе собственной облачной среды.

Экосистема продуктов и сервисов компании «РТК-Солар»Экосистема информационной безопасности компании «РТК-Солар» базируется преимущественно на сервисной модели.

После долгих обсуждений мы решили, что базой сравнения экосистем должен стать их охват — наличие продуктов в различных сферах информационной безопасности.

Поэтому мы создали нек…

ВведениеПервые упоминания о технологии SD-WAN в профильных изданиях появились около 10 лет назад.

Затем в 2015 году аналитическая компания Gartner выпустила «Руководство по рынку SD-WAN», в котором предсказывала бурный рост применения таких решений в корпоративных инфраструктурах.

На российском рынке технология SD-WAN также не является чем-то новым, большинство западных вендоров предлагали свои решения, однако теперь надо учитывать изменения, которые произошли за последние полтора года.

Системные требования Kaspersky SD-WANБольшинство компонентов системы поставляются как Docker-контейнеры и / или образы виртуальных машин для гипервизора KVM.

В этом случае SD-WAN в основном применяется для у…

В этой статье приведу сравнение качества работы IPS и IDS модулей популярных решений доступных на рынке в РФ, и приведу некоторые выводы.

50% Удаленные проверки, когда промежуточные системы, такие как брандмауэры, могут симулировать правильное обнаружение, так что на самом деле неясно, ответило ли само приложение.

Тест 1Первый тест был проведен в режиме «мониторинга»: политики на устройствах были настроены в режиме логирования событий без блокировки.

Еще один нюанс – лидер от Sangfor в дефолтных конфигах содержит правило, запрещающее любое сканирование, поэтому OpenVAS и не смог пройти дальше.

Например, SSL/TLS: Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094) определяется чер…

Статический анализ приложения, взаимодействующего с устройством (в данном случае это Android-приложение Google Home), например, его декомпиляция с помощью Apktool или JADX.

Также они не имеют доступа к вашему личному аккаунту Google и к микрофону Google Home.

Нападающий обнаруживает Google Home жертвы, прослушивая MAC-адреса с префиксами, связанными с Google Inc. (например, E4:F0:42 ).

Устройство быстро нашло мой Google Home (производитель на основании префикса MAC-адреса имел в списке имя «Google»), и мне удалось деаутентифицировать его.

Прокси-сервер используется как узел, направляющий запросы от программ на компьютере (например, curl ) на Google Home жертвы через WebSocket.

Мы предполагаем, что вы берете на себя роль атакующего, который хочет взломать некую систему (исключительно из благих намерений).

Мы также предполагаем, что в вашем распоряжении относительно недорогое аппаратное обеспечение, например простые осциллографы и паяльное оборудование, и компьютер с установленным Python.

Мы не ждем, что у вас дома найдется лазерное оборудование, ускорители частиц или другие вещи, которые любителю не по карману.

А если такое оборудование у вас есть, например в лаборатории вашего университета, то книга станет еще полезнее.

Что касается целевых встроенных устройств, то мы предполагаем, что у вас есть физический доступ к ним и что вам интересно с ними поэкспериментиро…

Она хитрая и не всегда проявляется, однако стабильный повтор всё-таки получить удаётся.

А теперь причина проблемы — агент скачивает файл в свой внутренний каталог, в недрахпользователя и вызывает, в нашем случае,.

Дело в том, что я уже прогналчерези обнаружил довольно необычный порядок загрузки библиотек — он сначала ищутся в его папках, потом в текущем каталоге, а затем уже и в стандартных для FHS местах.

И не обязательно это должен быть файловый сервер — вполне рабочий вариант с документами и библиотекой на флэшке или CD/DVD-диске.Ну и чтобы не быть голословным, набросаю простейший демонстрационный код с эксплуатацией уязвимости.

Каково же было моё удивление, когда они написали, что в вер…

Функция АккерманаКласс сложности Hyperackermann-complete❯ ЛитератураЛюди часто сравнивают P и NP в таком духе, что проблемы P простые, а NP — сложные.

Но это чрезмерное упрощение.

На самом деле проблемы могут быть намного, намного сложнее, чем NP В этом смысле можно вспомнить интеллектуально-фантастический триллер Travelling Salesman (Коммивояжёр, 2012) о четырёх математиках, нанятых правительством США для решения самой сложной проблемы в истории информатики — равенства классов сложности P и NP (P versus NP problem).

Классификация задач в теории сложности многократно расширялась и дополнялась.Задача коммивояжёра — частый пример математической проблемы классов сложности P и NP, задача быстро…

Как и другие целевые атаки на устройства Apple, «Триангуляция» начинается с отправки сообщения в мессенджере iMessage.

Сообщение задействует уязвимость в iOS, что позволяет выполнить произвольный код.

Ее особенности и поведение в первой публикации не описаны, кроме того факта, что с зараженных устройств исходит аномально большой поток данных.

Пример вредоносной активности выглядит так:Обнаружить зараженное устройство можно и при помощи анализа сетевого трафика с него (что и произошло изначально в ходе расследования).

Наиболее свежая версия iOS на обнаруженных зараженных устройствах — 15.7.

vote▍ Эксплуатация уязвимостиvoteПосле эксплуатации уязвимости злоумышленник загружает на веб-сайт модифицированный файл ( /bitrix/modules/main/include/prolog.php ), в который добавляется строка ( https://techmestore[.

Были выявлены файлы вида:/bitrix/admin/f408f2b7df70.php/bitrix/admin/8f1c222aae51.php/2469a41bac71.php/98826/bfd99.phpПри обнаружении вредоносного кода следует провести мероприятия по его удалению, а также проверить систему на компрометацию.

По факту нынешней атаки выявлены следующие индикаторы компрометации: и в корневой директории сайта.

Были выявлены файлы вида: При обнаружении вредоносного кода следует провести мероприятия по его удалению, а также проверить систему на ком…

Вот и отгремел Positive Hack Days (PHDays), проводимый компанией Positive Technologies в 12 раз.

И как любой городской фестиваль, PHDays был открыт широкой публике.

Во‑первых, он выложен, во‑вторых, мне удалось поговорить с Дмитрием, поэтому про киберразведку и на нашем сайте есть отдельный материал.

Ну и так как я уже отметил два доклада, продолжу рассказывать о выступлениях.

Часть доклада была посвящена самим языковым моделям, их отличиям, как они работают и как строятся.

По легенде у отдела разработки был выстроен процесс безопасной разработки: код проверялся с помощью PT Application Inspector.

Сразу обратим ваше внимание, что эта ситуация была смоделирована специально для кибербитвы Standoff для того, чтобы PT Application Inspector, задача которого искать уязвимости, мог еще и обнаруживать зловредный код.

Попытка использовать subprocessОтчет об уязвимости в PT Application InspectorРассмотрим еще один вариант внедрения реверс-шелла.

Попытка подключения через socket.connect() и pty.spawn()Отчет PT Application InspectorИ даже если послать на вход op.popen() закодированную строку, пайплайн не проходит.

Успешная реализация рискаПоследствия недопустимого события…

Тем не менее в качестве вложения злоумышленники использовали не документы Microsoft Office, а ISO-файлы.

Если файл имеет расширение .dll , используется rundll32.exe , если .ps1 , то powershell.exe , если .msi — msiexec.exe .

Если среда не является виртуальной машиной и отладчик не подключен, продолжает работу.

]com/json/?fields=225545Чтобы закрепиться в скомпрометированной системе, стилер копирует себя в папку автозагрузки под произвольным именем с расширением .scr .

Собранные данные сохраняются в архив с именем Umbral-{Environment.MachineName}.zip и выгружаются с использованием Discord Webhooks.

Данный вопрос может показаться глупым, ведь многие с уверенностью скажут, что полностью понимают ход работы данной функции.

В данном конкретном случае, это было реализовано следующим образом:int quit_handler(FILE *stream, const struct printf_info *info, const void *const *args) { puts("1337You are user!

Работа с даннымиОпределенно, важно уметь работать с аргументами, которые передаются в printf после форматной строки.

МодификаторыКогда мы работаем с функцией printf, мы имеем дело с модификаторами (например, l для длинных типов данных) и специальными флагами.

Вкратце, они работают следующим образом:Член структуры Название в форматной строке Смысл int prec 1 если указана точность int width Ми…

Таким образом, фильтрация evtx с помощью стандартной оснастки просмотра событий и XPath 1.0 ограничена и не всегда удобна.

Пример события в формате XMLXPath, в оснастке, не поддерживает регулярные выражения и поиск подстрок, которые могут быть полезны при фильтрации журналов событий Windows.

Давайте выведем события 4688, и отобразим время создания события и {$_.Properties[5].value}, которое хранит имя запущенного процесса.

*cmd.exe" } | Select-Object {$_.Properties[10].Value} | Format-ListПоиска событий с известным значением атрибута выполняется быстрее при использовании XPath запросов, чем конвейеров Powershell.

Конвейер для фильтрации событий с Convert-EventLogRecord будет выполняться в 2…

server_name: "matrix.YOUR-DOMAIN.COM" - домен вашего Matrix Synapse сервера.

Установим и настроим PostgreSQLapt install postgresqlОграничим PostgreSQL только интерфейсом localhost всё из тех-же соображений безопасностиВ файле /etc/postgresql/’YOU-POSTGRE-VERSION-NUMBER’/main/postgresql.conf устанавливаем параметр listen_addresses = ‘localhost’vim /etc/postgresql/12/main/postgresql.confПереключимся на пользователя postgres и настроим пользователя и базу данных для Matrix Synapse.

systemctl restart matrix-synapseregister_new_matrix_user -c /etc/matrix-synapse/homeserver.yaml http://localhost:8008Теперь установим и настроим coturn для видео и аудио звонковapt install coturnНастроим coturn.

apt…

Менеджер паролей обновлен до версии 2.54, исправляющей уязвимость CVE-2023-32784, которая позволяла извлечь мастер-пароль из памяти приложения в формате простого текста.

В середине мая он показал PoC-эксплоит и объяснял, что восстановить мастер-пароль KeePass в открытом виде возможно без одного-двух первых символов, причем независимо от того, заблокировано ли рабочее пространство KeePass (программа вообще может быть закрыта).

Проблема была связана с тем, что KeePass использует специальное поле для ввода пароля — SecureTextBoxEx, которое оставляет в памяти следы каждого символа, введенного пользователем.

Поскольку для восстановления мастер-пароля KeePass необходимо получить дамп памяти, для …

ИБ-специалисты Data Leakage & Breach Intelligence (DLBI) сообщили, что в сети опубликованы базы данных с информацией о клиентах торговых сетей «Ашан» и «Твой Дом».

В открытый доступ попали данные 7,8 млн клиентов «Ашана» и около 700 000 клиентов гипермаркетов «Твой Дом».

В компании проводят внутреннее расследование.

«Служба информационной безопасности "Ашан ритейл Россия" подтвердила утечку данных клиентов торговой сети.

В компании добавили, что предпринимают все необходимые меры для усиления средств защиты информационных систем компании и защиты данных клиентов.

Исследователи из «Лаборатории Касперского» рассказали о необычной схеме мошенничества с предложением зарабатывать на транскрибации (расшифровке аудиозаписей).

На этих сайтах предлагают «выполнять работу, которая не под силу компьютеру, — распознавать аудиофайлы и получать за это деньги».

Эксперты считают, что это может быть признаком того, что мошенники применяют схему не только в России, используя автоматический перевод и меняя отдельные элементы наполнения сайтов.

Вероятно, это нужно для того, чтобы пользователи сами распространяли скам-ссылки среди своих контактов.

Жертве нужно зарегистрироваться на портале, чтобы якобы начать зарабатывать на транскрибации.

Аналитики Microsoft сообщили, что волна атак на 0-day уязвимость в MOVEit Transfer (CVE-2023-34362) связана с активностью вымогательской группировки Clop.

Напомню, что об уязвимости в этом решении для управления передачей файлов стало известно в конце прошлой недели.

Как теперь пишут аналитики Microsoft, за этими атаками стоит хак-группа Clop, которую в компании называют Lace Tempest (TA505, FIN11 или DEV-0950).

Также журналисты напоминают, что в начале текущего года Clop массово атаковала компании, используя 0-day уязвимость в другом инструменте для передачи файлов, GoAnywhere MFT, а еще раньше хакеры точно так же эксплуатировали проблему в Accellion FTA.

В случае с атаками через GoAnywher…

В статье мы с тобой осве­жим в памяти теоре­тичес­кие осно­вы вос­ста­нов­ления уда­лен­ной информа­ции в фай­ловой сис­теме NTFS v3.1 и под­робно рас­смот­рим прак­тичес­кий спо­соб руч­ного вос­ста­нов­ления фай­лов с исполь­зовани­ем PowerShell.

warning Не хра­ни важ­ные фай­лы на одном томе с опе­раци­онной сис­темой (обыч­но это диск С): на этом томе в NTFS чаще все­го про­исхо­дят изме­нения даже без пря­мого учас­тия поль­зовате­ля, что может пов­лиять на вос­ста­нов­ление утра­чен­ной информа­ции.

Клас­тер же в NTFS — минималь­ная еди­ница дис­кового прос­транс­тва, дос­тупно­го для раз­мещения фай­лов и дирек­торий в фай­ловой сис­теме NTFS.

Такие фай­лы хра­нят все содер­жимое в $…

Тогда исследователи определили, что прошивка многих материнских плат Gigabyte содержит Windows-бинарник, который выполняется при загрузке операционной системы.

К своему отчету Eclypsium приложила список более чем 270 моделей материнских плат Gigabyte, затронутых проблемой.

Материнские платы Gigabyte используют функцию WPBT для установки приложения для автоматического обновления в %SystemRoot%\system32\GigabyteUpdateService.exe в новых установках Windows.

Теперь производитель выпустил обновления прошивки материнских плат для процессоров Intel (серии 400/500/600/700) и процессоров AMD (серии 400/500/600).

По словам компании, усовершенствования воспрепятствуют внедрению вредоносного кода и гар…

Все это и мно­гое дру­гое уме­ет выяв­лять наш флаг­ман­ский про­дукт — DLP-сис­тема «Сёр­чИнформ КИБ».

Мы видели, что мно­гие ком­пании заин­тересо­ваны в защите, но не готовы покупать софт, обо­рудо­вание и нанимать спе­циалис­та в штат.

Быва­ет и так, что в ком­пании прос­то нет нуж­ной экспер­тизы — и руководс­тво готово прив­лекать помощь со сто­роны.

— Нет, мы счи­таем, что это не обя­затель­но.

Под­робные усло­вия фран­шизы и экс­клю­зив­ные усло­вия для пер­вых пар­тне­ров вен­дор пре­зен­тует на кон­ферен­ции «Как стать сер­вис‑про­вай­дером в инфо­безе: быс­трый старт».

Власти США и Южной Кореи выпустили предупреждение об активности северокорейской хак-группы Kimsuky (она же APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Thallium, Nickel Kimball и Velvet Chollima).

Злоумышленники атакуют медиа-организации, аналитические и исследовательские центры, а также научные учреждения, выдавая себя за журналистов и ученых.

Фишинговые письма зачастую замаскированы под приглашения на интервью, опросы, а также запросы на получение отчетов или ознакомление с документами.

Первые письма обычно вообще не содержат малвари или каких-либо вложений, поскольку их цель — завоевание доверия жертвы, а не быстрый взлом.

Следует отметить, что на прошлой неделе Южная Корея ввела но…

Разработчики криптовалютного кошелька Atomic Wallet расследуют серию инцидентов, в ходе которых кошельки некоторых клиентов были взломаны и опустошены.

Пока неясно, использовали ли злоумышленники направленный фишинг или воспользовались некой уязвимостью в Atomic Wallet.

В минувшие выходные команда Atomic Wallet сообщила в Twitter, что получает массовые сообщения о взломанных кошельках и уже начала расследование происходящего.

Сообщается, что в настоящее время разработчики сотрудничают со сторонними ИБ-компаниями, стремясь разобраться в происходящем и блокировать продажу украденных у пользователей средств на биржах.

Известный блокчейн-исследователь ZachXBT уже собирает и изучает транзакции с…

Специалисты сообщают, что вычислили и задержали группу мошенников Jewelry Team.

По другой версии, Jewelry Team могла быть самостоятельным подразделением этой большой команды, о чем свидетельствует «партнерская» реклама в группе.

Эксперты установили владельца двух таких «возрожденных» доменных имен, используемых Jewelry Team.

Эта группировка образовалась почти на год раньше Jewelry Team, но на момент расследования уже фактически не существовала.

Осенью 2022 года в ходе совместного расследования полицейские и специалисты департамента исследования высокотехнологичных преступлений вычислили и задержали 18-летнего жителя Ижевска, который признался в создании фишингового сайта.

Разработчики AMD сообщили, что в процессорах AMD EPYC 7002 выявлена необычная ошибка.

Баг приводит к тому, что после 1044 дней непрерывной работы (2 года и 10 месяцев) процессор может зависнуть, из-за чего сервер придется перезагрузить.

В AMD предупредили, что не смогут устранить эту проблему.

Пользователь Reddit под ником acid_migrain предполагает, что проблема на самом деле проявляется не через 1044 дня, а через 1042 дня и 12 часов.

В качестве решения проблемы AMD предлагает администраторам либо перезагружать сервер чаще, чем раз в 1044 дней, что «обнулит» ЦП и перезапустит 1044-дневный «таймер», либо отключать энергосберегающий режим CC6.

Справка: сканирование портовСка­ниро­вание пор­тов — стан­дар­тный пер­вый шаг при любой ата­ке.

Он поз­воля­ет ата­кующе­му узнать, какие служ­бы на хос­те при­нима­ют соеди­нение.

На осно­ве этой информа­ции выбира­ется сле­дующий шаг к получе­нию точ­ки вхо­да.

На­ибо­лее извес­тный инс­тру­мент для ска­ниро­вания — это Nmap.

Улуч­шить резуль­таты его работы ты можешь при помощи сле­дующе­го скрип­та:#!/ bin/ bash ports = $( nmap -p- --min-rate = 500 $1 | grep ^[ 0- 9] | cut -d '/ ' -f 1 | tr '\ n' ', ' | sed s/, $/ / ) nmap -p $ports -A $1

Критическая уязвимость CVE-2023-34362 в продукте для управления передачей файлов MOVEit Transfer, разработанном компанией Progress Software, широко используется хакерами для массовых хищений данных у организаций.

MOVEit Transfer представляет собой решение для передачи файлов, разработанное Ipswitch, дочерней компанией американской корпорации Progress Software.

В конце прошлой недели разработчики Progress Software предупредили об обнаружении критической уязвимости в MOVEit Transfer.

Как рассказали ИБ-специалисты из компании Rapid7, уязвимость в MOVEit Transfer представляет собой SQL-инъекцию, которая приводит к удаленному выполнению кода и получила идентификатор CVE-2023-34362.

Эксперты пишу…

A recent malware campaign has been found to leverage Satacom downloader as a conduit to deploy stealthy malware capable of siphoning cryptocurrency using a rogue extension for Chromium-based browsers.

"The main purpose of the malware that is dropped by the Satacom downloader is to steal BTC from the victim's account by performing web injections into targeted cryptocurrency websites," Kaspersky researchers Haim Zigel and Oleg Kupreev said.

Satacom downloader, also called Legion Loader, first emerged in 2019 as a dropper for next-stage payloads, including information stealers and cryptocurrency miners.

Infection chains involving the malware begin when users searching for cracked software are …

Thousands of adware apps for Android have been found to masquerade as cracks or modded versions of popular apps to redirect users to serve unwanted ads to users as part of a campaign ongoing since October 2022.

"The campaign is designed to aggressively push adware to Android devices with the purpose to drive revenue," Bitdefender said in a technical report shared with The Hacker News.

"However, the threat actors involved can easily switch tactics toredirect users to other types of malware such as banking Trojans to steal credentials and financial information or ransomware."

It's worth pointing out that none of the apps are distributed through the official Google Play Store.

Instead, users s…

Yet the landscape of OT security tools is far less developed than its information technology (IT) counterpart.

Reason 4: OT systems are highly variableThe IT world has largely standardized around the TCP/IP protocol, but the OT world lacks such consensus.

Reason 5: OT systems are delicateAs a function of their variability and always-on nature, OT systems are easily disrupted by the most basic IT processes and security best practices.

OT environments deserve OT solutionsIt's often said that strategy precedes tooling — and this is true.

To learn more about the top challenges currently facing OT security professionals, read the complete report from Takepoint Research and Cyolo.

Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild.

Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine.

Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023.

"Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to the NIST's National Vulnerability Database (NVD).

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advis…

Threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware that's designed to capture sensitive data from infected hosts.

Cyclops ransomware is notable for targeting all major desktop operating systems, including Windows, macOS, and Linux.

The macOS and Linux versions of Cyclops ransomware are written in Golang.

The Go-based stealer, for its part, is designed to target Windows and Linux systems, capturing details such as operating system information, computer name, number of processes, and files of interest matching specific extensions.

"These capabilities provide attackers to obtain valuable information from the victim's systems that can…

A Chinese-speaking phishing gang dubbed PostalFurious has been linked to a new SMS campaign that's targeting users in the U.A.E.

The fraudulent scheme entails sending users bogus text messages asking them to pay a vehicle trip fee to avoid additional fines.

"The phishing pages appropriate the official name and logo of the impersonated postal service provider."

Join the SessionThe smishing activity marks an expansion of the threat actor's efforts since at least 2021, when it began targeting users in the Asia-Pacific region.

The development comes on the heels of a similar postal-themed phishing campaign dubbed Operation Red Deer that has been discovered targeting various Israeli organizations…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

Patches to plug the security holes were released by Zyxel on May 24, 2023.

The following list of devices are affected -ATP (versions ZLD V4.32 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)USG FLEX (versions ZLD V4.50 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)USG FLEX50(W) / USG20(W)-VPN (versions ZLD V4.25 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)VPN (versions ZLD V4.30 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2), andZyWALL/USG (versions ZLD V4.25 to V…

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest.

"Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today.

Lace Tempest, also called Storm-0950, is a ransomware affiliate that overlaps with other groups such as FIN11, TA505, and Evil Corp.

CVE-2023-34362 relates to an SQL injection vulnerability in MOVEit Transfer that enables unauthenticated, remote attackers to gain access to the database and execute arbitrary code.

There are believed to be at lea…

How many organizations have experienced a SaaS security incident within the past two yearsThe SaaS Security Survey Report: Plans and Priorities for 2024, developed by CSA in conjunction with Adaptive Shield, dives into these SaaS security incidents and more.

SaaS Security Incidents Are on the RiseAnecdotally, it was clear that SaaS security incidents increased over the last year.

7% of respondents claimed to have 100% of their SaaS stack monitored with 68% reporting that they were monitoring less than half their SaaS stack.

The current SaaS security practices, like Cloud Access Security Brokers (CASB) and manual audits, are not enough to cover the SaaS stack.

A year ago, in the 2022 State o…

The idea, in a nutshell, is to breach vulnerable legitimate sites and use them to host web skimmer code, thereby leveraging the good reputation of the genuine domains to their advantage.

"This attack included the exploitation of Magento, WooCommerce, WordPress, and Shopify, demonstrating the growing variety of vulnerabilities and abusable digital commerce platforms," Lvovsky said.

This includes camouflaging the skimmer code as third-party services like Google Tag Manager or Facebook Pixel to conceal its true intentions.

Another trick employed is the JavaScript code snippets function as loaders to fetch the full attack code from the host victim website, thereby minimizing the footprint and l…

An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal.

"This threat actor employs tactics such as LOLBaS (living-off-the-land binaries and scripts), along with CMD-based scripts to carry out its malicious activities," the BlackBerry Research and Intelligence Team said in a report published last week.

The cybersecurity company attributed the campaign, dubbed Operation CMDStealer, to a Brazilian threat actor based on an analysis of the artifacts.

"LOLBaS and CMD-based scripts help threat actors avoid detection by traditional security measures.

The scripts leverage built-in Win…

A surge in TrueBot activity was observed in May 2023, cybersecurity researchers disclosed.

Active since at least 2017, TrueBot is linked to a group known as Silence that's believed to share overlaps with the notorious Russian cybercrime actor known as Evil Corp.

Recent TrueBot infections have leveraged a critical flaw in Netwrix auditor (CVE-2022-31199, CVSS score: 9.8) as well as Raspberry Robin as delivery vectors.

Once run, update.exe establishes connections with a known TrueBot IP address located in Russia to retrieve a second-stage executable ("3ujwy2rz7v.exe") that's subsequently launched using Windows Command Prompt.

The executable, for its part, connects to a command-and-control (C2…

An analysis of the Linux variant of a new ransomware strain called BlackSuit has covered significant similarities with another ransomware family called Royal.

Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an "extremely high degree of similarity" between Royal and BlackSuit.

"In fact, they're nearly identical, with 98% similarities in functions, 99.5% similarities in blocks, and 98.9% similarities in jumps based on BinDiff, a comparison tool for binary files," Trend Micro researchers noted.

"The emergence of BlackSuit ransomware (with its similarities to Royal) indicates that it is either a new variant developed by the same authors, a cop…

EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach.

The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.

That exposed information included names, home addresses, email addresses, phone numbers and social security numbers for a total of 2,501,324 student loan account holders.

“With recent news of student loan forgiveness, it’s reasonable to expect the occasion to be used by scammers as a gateway for criminal activity,” Bischoping said.

Last week, the Biden administrati…

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

The threat actor, according to researchers, is believed to be the China-based APT TA423, also known as Red Ladon.

In lieu of malware, attackers can use ScanBox in conjunction with watering hole attacks.

Adversaries load the malicious JavaScript onto a compromised website where the ScanBox acts as a keylogger snagging all of a user’s typed activity on the infected watering hole website.

This allows ScanBox to connect to a set of pre-configured targets,” researchers explain.

The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.

“These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organization.”Impacted were 114 US-based firms, with additional victims of sprinkled across 68 additional countries.

“The 0ktapus campaign has been incredibly successful, and the full scale of it may not be known for some time,” he said.

What the 0ktapus Hackers WantedThe 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’…

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

After a recent dip, ransomware attacks are back on the rise.

With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks.

It may well be that the resurgence in ransomware attacks, and the rise of these two particular groups, are intimately connected.

Why Ransomware Has BouncedResearchers from NCC Group counted 198 successful ransomware campaigns in July – up 47 percent from June.

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw.

Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment.

Last Fall, a command injection flaw in Hikvision cameras was revealed to the world as CVE-2021-36260.

According to David Maynor, senior director of threat intelligence at Cybrary, Hikvision cameras have been vulnerable for many reasons, and for a while.

Furthermore, IoT devices might not give users any indication that they’re unsecured or out of date.

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Twitter has responded alleging that Zatko is a “disgruntled employee” who was fired for poor performance and leadership.

This, according to Zatko, elevates his concerns to a matter of national security.

Twitter allowed some foreign governments “… to infiltrate, control, exploit, surveil and/or censor the ‘company’s platform, staff, and operations,” according to the redacted whistleblower report submitted to congress.

NEW: First time Twitter CEO @paraga weighs in on whistleblower story.

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Earlier this month, Palo Alto Networks issued a fix for the high-severity bug (CVE-2022-0028) that it says adversaries attempted to exploit.

PAN-OS versions vulnerable to attack, with patches available, include PAN-OS prior to 10.2.2-h2, PAN-OS prior to 10.1.6-h6, PAN-OS prior to 10.0.11-h1, PAN-OS prior to 9.1.14-h4, PAN-OS prior to 9.0.16-h3 and PAN-OS prior to 8.1.23-h1.

CISA Adds Bug to KEV CatalogOn Monday, CISA added the Palo Alto Networks bug to its list of Known Exploited Vulnerabilities Catalog.

This type of attack allows an adversary to magnify the amount of malicious traffic they …

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

Warnings come from security researchers who say TA558 cybercriminals have revamped their 2018 campaigns with fake reservation emails that contain links – that if clicked – deliver a malicious malware payload containing a potpourri of malware variants.

ISO and RAR are single compressed files, that if executed, decompress the file and folder data inside of them.

TA558 conducted 27 campaigns with URLs in 2022, compared to just five campaigns total from 2018 through 2021.

This actor used a variety of delivery mechanisms including URLs, RAR attachments…

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack.

One of the flaws is a kernel bug (CVE-2022-32894), which is present both in iOS and macOS.

“For most folks: update software by end of day,” tweeted Rachel Tobac, the CEO of SocialProof Security, regarding the zero-days.

The flaws in iOS are especially worrying, given the ubiquity of iPhones and users’ utter reliance on mobile devices for their daily lives, he said.

Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.

Google credits Ashley Shen and Christian Resell of its Google Threat Analysis Group (TAG) for reporting the zero-day bug, which could allow for arbitrary code execution, on July 19.

FedCM—short for the Federated Credential Management API–provides a use-case-specific abstraction for federated identity flows on the web, according to Google.

Fifth Chrome 0Day Patch So FarThe zero-day patch is the fifth Chrome bug under active attack that Google has patched so far this year.

In April, Google patched CVE-2022-136…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the futureYou’ve just downloaded a new mobile game, cryptocurrency wallet, or fitness app, but something isn’t right.

When downloading a mobile app that should be associated with a popular online service, make sure that the service actually offers such an app.

If that’s the case, its official website will contains links to the apps in Google Play Store and/or Apple App Store.

Check the developer’s pedigreeTread also carefully when dealing with an app from an unknown app developer with no track record in app development.

The video by ESET malware researcher Lukas Stefanko shows …

Given the reliance of today’s digital world on APIs and the fact that attacks targeting them continue to rise sharply, API security cannot be an afterthought.

Given the increasing reliance of today’s digital world on APIs and the fact that cyberattacks targeting them continue to rise sharply, API security cannot be an afterthought.

Here is how a poorly protected application programming interface creates security risks, what the main API security risks are, and what organizations can do to build solid foundations for the bridges that connect various software systems and applications.

Connect with us on Facebook, Twitter, LinkedIn and Instagram.

Sign up to receive an email update whenever a n…

According to one recent study, 94% of global organizations have experienced API security problems in production over the past year with nearly a fifth (17%) suffering an API-related breach.

More than half (59%) of organizations claim that they’ve had to slow down the rollout of new apps because of API security concerns.

Its OWASP API Security Top 10 2023 list details the following three main security risks:Broken Object Level Authorization (BOLA): API fails to verify whether a requester should have access to an object.

API authentication can be “complex and confusing” for many developers, who may have misconceptions about how to implement it, OWASP warns.

How to mitigate API threatsGiven wh…

These techniques are also applied specifically for social media intelligence, sometimes called SOCMINT.

In this article, we’ll look at several tools that may aid your social media intelligence efforts.

In addition, Maltego allows you to integrate different sources of information, such as databases, online search tools, APIs, etc.

Social media as search enginesOkay, this is not really what you would think of as an OSINT tool, but search functionalities that are integrated within social media sites may double as powerful resources for intel gathering – without leaving the app itself.

Be careful about what you post online and avoid oversharing details from your private life on social media.

Nigerian nationals Solomon Ekunke Okpe and Johnson Uke Obogo ran a sophisticated fraud scheme that caused up to US$1 million in losses to victims.

Here’s how they pulled out the cons and, even more importantly, how you can avoid becoming a victim of similar ploys.

Step 1 – hacking into email accountsIn order to get access into victims’ email accounts, Okpe and co-conspirators launched email phishing attacks that collected thousands of email addresses and passwords.

After gaining victims’ trust, Okpe and others used them as money mules to transfer money overseas and receive cash from fraudulent wire transfers.

Many romance scammers borrow from the same playbook, which makes it easier to reco…

ESET research uncovers an Android app that initially had no harmful features but months later turned into a spying toolThis week, ESET malware researcher Lukas Stefanko revealed how an initially legitimate Android app morphed into a malicious trojan that could steal users’ files and record surrounding audio from the device’s microphone and then exfiltrate it.

The app, named iRecorder – Screen Recorder, was first listed in the Google Play Store in September 2021, with the malicious code added almost a year later.

ESET research named the malware AhRat and it is a customization of the open-source AhMyth remote access trojan (RAT).

The app was downloaded 50,000-plus times before it was detected…

As can be seen in Figure 3, RedLine Stealer distributors used AceCryptor since the beginning of RedLine Stealer’s existence and still continue to do so.

VictimologyAs should be expected from the variety of malware packed inside AceCryptor and the diversity of interests of different malware authors, AceCryptor is seen everywhere in the world.

As a checksum function, AceCryptor uses a shl1_add function, already implemented in hashDb, which can make identification of resolved APIs faster.

In the next step, AceCryptor uses the API GetFileAttributesA and checks for file system attributes of a file called apfHQ.

Defense Evasion T1497.003 Virtualization/Sandbox Evasion: Time Based Evasion AceCrypt…

Make sure all operating systems and other software are on the latest version by switching on automatic updates.

Protect your mobile devices: Keep all software up to date, install security software, and don’t download any apps from non-official app stores.

Keep all software up to date, install security software, and don’t download any apps from non-official app stores.

Test your resilience today with the National Cyber Security Centre’s Exercise in a Box and Cyber AwareAbove all, awareness is key.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center Submit

The app, named iRecorder – Screen Recorder, was initially uploaded to the store without malicious functionality on September 19th, 2021.

Back then, the spyware, built on the foundations of AhMyth, circumvented Google’s app-vetting process twice, as a malicious app providing radio streaming.

As a Google App Defense Alliance partner, ESET identified the most recent version of the application as malicious and promptly shared its findings with Google.

The first malicious version of iRecorder contained parts of AhMyth RAT’s malicious code, copied without any modifications.

Upon installation of the malicious app, it behaved as a standard app without any special extra permission requests that migh…

Don’t download software from non-reputable websites and sketchy links – you might be in for more than you bargained forChances are good that you have, at some point, searched for free stuff online, including software, movies, TV shows, or live streams of sports matches.

But the truth is that this search for “free” may ultimately come at a high cost, especially if it involves the promise of effortlessly downloading a free version of what’s actually a commercial product or service.

Much the same applies to links you may receive in messages from a “friend” on a social media site and that also promises such a “free lunch”.

Here’s what to do instead of visiting such sketchy websites and how you …

With the ever-increasing number of online devices and services, it is important to have a clear and accurate view of the online presence of these devices and services in order to protect them and data against online threats.

Some search engines for internet-connected devices, such as Shodan, Censys, Zoomeye, Fofa and BinaryEdge, play a crucial role in this task.

Zoomeye allows users to search for and monitor online devices and services and receive real-time alerts about changes in their search results.

Zoomeye focuses on identifying online devices and services and provides detailed information about each device.

BinaryEdgeFinally, BinaryEdge is a security search engine that allows users to …

Perhaps in order to help dispel data privacy concerns, Open AI introduced the ability to turn off chat history in ChatGPT in late April.

The company revealed on March 24th that a bug in an open source library “allowed some users to see titles from another active user’s chat history”.

Uploading company data into the model means you are sending proprietary data directly to a third party, such as OpenAI, and giving up control over it.

First, carefully investigate how these tools and their operators access, store and share your company data.

Second, develop a formal policy covering how your business will use generative AI tools and consider how their adoption works with current policies, especi…

But even when such advice is widely shared, people still download files from distinctly nonreputable places and get compromised as a result.

So, without any fanfare, here is what makes a site reputable to download software from:You should only download software direct from the author or publisher’s site, or a site expressly authorized by them.

These download sites function as curators for finding software in one place, which makes it easy to search and discover new software.

Neowin’s Software download section does not engage in any type of disingenuous behavior.

Security software does try to account for human behavior, but so do criminals who exploit concepts such as reputation and trust.

What have some of the world’s most infamous advanced threat actors been up to and what might be the implications of their activities for your business?

This week, ESET researchers released a new issue of the APT Activity Report that looks at the activities of selected advanced persistent threat (APT) groups from October 2022 to March 2023.

Meanwhile, Russia-aligned APT groups continued to deploy their malicious wares especially in Ukraine and EU countries, with Iran-aligned group OilRig deploying a new custom backdoor in Israel.

What else were some of the world’s most infamous advanced threat actors up to, what kinds of techniques did they use and what are the possible implications for your…

This makes parental control software an increasingly attractive and much-needed prospect for parents and guardians.

Why use parental control software?

They’ll usually try to build trust with their victims by masquerading as someone their age on social, messaging, gaming and other apps.. Children can seem tech savvy.

What to look for in parental control softwareThere are plenty of solutions on the market that can help with some or all of the above challenges.

that enable you to either block age-inappropriate apps or control which applications they can access, and for how long.

MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…

Have you listened to our podcast?

Have you listened to our podcast?

Serious Security: That KeePass “master password crack”, and what we can learn from it

Have you listened to our podcast?

Have you listened to our podcast?

Ransomware tales: The MitM attack that really had a Man in the Middle

Have you listened to our podcast?

Have you listened to our podcast?

Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

In this Help Net Security video, Ed Adams, CEO of Security Innovation, discusses the shifts in cybersecurity training.

60% of companies now include realistic simulations in their cybersecurity training programs compared to 36% in 2020.

According to Security Innovation research, organizations increasingly embrace realistic simulations in training programs.

Respondents ranked this feature as highly effective and delivering the most significant ROI compared with other cybersecurity training program components.

Applications developed by public sector organizations tend to have more security flaws than applications created by the private sector, according to Veracode.

Security flaws in public sector organizationsResearchers found that just under 82% of applications developed by public sector organizations had at least one security flaw detected in their most recent scan over the last 12 months, compared to 74% of private sector organizations.

Depending on the type of flaw tracked, public sector applications had a 7–12% higher probability of having a flaw introduced in the last 12 months.

Discovery of “high severity” flaws in public sector applications (16.5%) in a 12-month period was lower than in …

“This explains why 71% of respondents are prioritizing their investment in security tools for SaaS, most notably turning to SaaS Security Posture Management (SSPM) as the solution to secure their entire SaaS stack,” Baron added.

SaaS securityCurrent SaaS security strategies and methodologies don’t go far enough: 58% of organizations estimate their current SaaS security solutions only cover 50% or less of their SaaS applications.

This gap cannot be filled using manual audits and cloud access security brokers (CASB), which are not enough to protect companies from SaaS security incidents.

Investment in SaaS and SaaS security resources are drastically increasing: 66% of organizations have incre…

DigiCert has partnered with ReversingLabs to enhance software security by combining advanced binary analysis and threat detection from ReversingLabs with DigiCert’s enterprise-grade secure code signing solution.

“ReversingLabs is excited to partner with DigiCert to help solve software supply chain security issues at all stages of the software development and deployment process,” said Mario Vuksan, CEO at ReversingLabs.

Weaknesses in the software supply chain have been exploited in recent years, resulting in tampering, malware insertion and other threats to critical business software.

A recent ReversingLabs survey found that nearly 90 percent of technology professionals detected significant …

NinjaOne announced enhancements to NinjaOne Patch Management, delivering the latest automated patching solutions to maintain business operations and keep organizations secure.

NinjaOne is simplifying the process with a new patching dashboard, automated Linux and MacOS patching improvements, and patch scheduling flexibility.

With NinjaOne Patch Management, companies can automatically patch any device from a centralized, easy-to-use console, and automate every step of the process, spending 90 percent less time patching.

Mac third-party patching – Organizations can easily deploy patches for common third-party apps on MacOS devices to achieve clearer visibility into the patch status of all Mac …

Trulioo released new capabilities for automated business and person verification workflows.

The latest update bolsters Trulioo global leadership by expanding geographic coverage and localization for person verification and further automating business verification processes to reduce costly manual reviews.

With the ever-increasing complexity of financial crimes and anti-money laundering regulations, onboarding business customers often takes longer and costs more.

To further streamline the KYB process, the Trulioo global identity platform can perform Know Your Customer (KYC) checks on a business’s ultimate beneficial owners in the same workflow.

The result of that layered approach to business…

Lacework’s new CIEM capabilities extend the company’s broad identity security offerings with powerful new automation that calculates risks and prioritises action for security teams.

Unifying these capabilities at scale bridges the gap between IAM and SecOps teams to simplify cloud identity security.

Preventing cloud identity risk with new entitlement management technologyLacework dynamically discovers all cloud user, resource, group and role identities and their net-effective permissions, and automatically correlates granted versus used permissions to determine identities with excessive privileges.

“Enforcing least privilege and having visibility of identities and entitlements is a top clou…

Enveedo has launched its Strategy Execution Platform for Security that enables organizations to build and maintain cyber resiliency.

The platform includes a risk management engine, on-demand access to vCISO guidance, and a real-time centralized view of the organization’s systems, assets, stakeholders, and risks.

“We are excited about the launch of our new cybersecurity platform,” said Luciano Salata, Enveedo CEO.

The Enveedo platform streamlines the entire process with easy-to-follow guidelines, API integrations, and automation.

The platform’s integrated risk management capabilities help them achieve cyber resiliency,” added Daniel Monetto, Enveedo CTO.

Appdome has integrated its platform with GitHub to accelerate the delivery of secure mobile apps globally.

GitHub Actions is now part of the Appdome Dev2Cyber Agility Partner Initiative to accelerate the delivery of secure mobile apps globally.

This solves mobile brands’ need for technology platforms to automate the delivery of cyber defense in mobile apps and to keep pace with modern DevOps pipelines.

“Development teams need a cyber defense solution for mobile app development that takes advantage of and integrates with mobile development best practices and tooling.

“GitHub is a key development platform for mobile apps, and developers using GitHub need to be able to build security protectio…

Third on the list, and perhaps most interestingly, was “Going Into The Office” (24%), which worried nearly a quarter of employees.

Due to the pandemic, a lot of employees started working from home and the migration back to the office may be troublesome for many.

However, with the Chancellor Jeremy Hunt suggesting that office working should be “default”, this percentage may increase over time.

Especially as, according to Google trends, searches for “work from home jobs” have increased by 110% over the past 12 months.

In fact, according to Google trends, searches for “work from home jobs” have increased by 110% over the past 12 months.

New research by Armis shows organisations in the U.K. are facing immediate cybersecurity challenges stemming from a heightened regulatory environment, staffing and recruitment difficulties and an expanded attack surface.

Most organisations use multiple tools to monitor their connected assets, with 60% using more than 5 tools – and up to 50 in some instances.

34.3% of professionals said they monitor all connected assets mainly through a Configuration Management Database (CMDB), 21.3% work with a SaaS visibility solution provider, 8.8% use Manual Spreadsheets and 29.5% said other.

Additionally, 6.1% of respondents said they only monitor corporate assets in their organisation or do not monitor…

Few areas of cybersecurity measure up against penetration testing in terms of importance and excitement.

It’s also noteworthy that every instance of penetration testing should fit the context of a specific organization and the industry it represents.

Pentester’s DutiesThinking like an attacker is a hugely important prerequisite for a successful penetration testing exercise.

Here is a list of the documents that are widely recognized across the board:Certified Ethical Hacker (CEH)Certified Expert Penetration Tester (CEPT)Certified Mobile and Web Application Penetration Tester (CMWAPT)Certified Penetration Tester (CPT)GIAC Certified Penetration Tester (GPEN)Offensive Security Certified Profess…

A new research report, entitled Plotting the Roadmap for Digital Identity, by API focused identity and access management company Curity found that UK organisations and consumers are ready to embrace a new era of digital identity.

The research revealed that 60% of organisations in the UK and US expect digital identity to have a transformative impact on their industry.

The research also revealed that two-thirds of UK organisations are either currently use digital identity or have plans to incorporate digital identity solutions into their operations, with 61% of those planning to do so within the next year.

UK consumers are also displaying a growing familiarity with digital wallets, with 58% o…

Today, Salt Security announced that it has achieved Amazon Web Services (AWS) Security Competency status in the Application Security category.

Salt is the only API security company to have earned AWS Security Competency.

Salt delivers the deepest insights into API threats and vulnerabilities, including those outlined in the OWASP API Security Top 10 list.

“Achieving AWS Security Competency status deepens our AWS integration and reinforces our ongoing commitment to empower customers to secure their APIs in AWS,” said Gilad Barzilay, head of business development, Salt Security.

“With AWS Security Competency, Salt provides businesses with continuous API discovery and adaptive intelligence to e…

With 12 years of years of patented development and IP innovation, this week, Centripetal announced the launch of CleanINTERNET® CLOUD.

The expansion aims to extend protection to enterprise assets anywhere – whether on premises, remote or in the cloud.

CleanINTERNET® leverages dynamic threat intelligence from more than 250 threat intelligence providers in real-time, proactively shielding networks from 99% of known threats.

Public cloud infrastructure allows for tremendous flexibility of deployment and the ability to scale applications rapidly.

This is why we are opening our European Cyber Intelligence Centre of Excellence in Galway and deploying our CleanINTERNET® offering to the cloud.

According to Action Fraud, between 2021 – 2022 there was a 120% increase in holiday scams with victims collectively losing over £7.4 million to criminals.

This highlights the growing threat holiday scams can pose to consumers and the need to be cautious when booking holidays online.

When criminals engage in airline and holiday scams, their primary goal is to achieve financial gain.

What are the types of Holiday and Airline Scams to be aware of?

Airline and holiday scams primarily target travellers seeking great deals through fake websites, deceptive advertisements, and phishing attacks.

The model, which is currently only available through MyCena Security Solutions, addresses 95% of cybersecurity breaches, while reducing costs and significantly improving cyber resilience.

ASEM is a revolutionary new security model that tackles this threat.

ASEM is a new security model that adds 95% more coverage by putting access security back under corporate control.

It’s the most comprehensive security model available on the market today,” said Julia O’Toole, CEO of MyCena Security Solutions.

MyCena Security Solutions is currently the only vendor offering a platform to support the ASEM security model.

KnowBe4 has launched its new and complementary QR Code Phishing Security Test ( QR Code PST) tool.

The no-charge tool assists organisations in identifying users that are most susceptible to scanning malicious QR codes.

QR code phishing is a social engineering attack that includes a malicious link within a QR code that users are prompted to scan with their smartphones.

According to QR code generator company, dynamic QR code scans increased 433% globally from 2021 to 2022 and scans quadrupled in 2022 alone.

KnowBe4’s new QR Code Phishing Security Test is a great tool to use as a first step in determining how vulnerable an organisation is to the threat of malicious QR codes.

Today, Salt Security released new threat research from Salt Labs that details several critical security flaws in the Expo framework.

Expo issued Salt Labs CVE-2023-28131 and swiftly remediated all issues.

“Security vulnerabilities can happen on any website – it’s the response that matters,” said Yaniv Balmas, VP of Research, Salt Security.

Salt Labs researchers discovered security vulnerabilities in the social login functionality used by Expo, implemented with an industry-standard protocol called OAuth.

With the potential to impact hundreds of companies using Expo, Salt Labs discovered this vulnerability in Codecademy.com, a popular online platform offering free coding classes across a doze…

Synopsys, Inc. (Nasdaq: SNPS) today announced it has been named by Gartner, Inc. as a Leader in the “Magic Quadrant™ for Application Security Testing” for the seventh consecutive year.1 In the report, Gartner evaluated 12 application security testing vendors based on their completeness of vision and ability to execute.

“We believe this acknowledges our vision and ability to execute against evolving market requirements.”Download complimentary copies of the 2023 Magic Quadrant for Application Security Testing and the 2023 Critical Capabilities for Application Security Testing to learn more.

The addition of WhiteHat Security provides Synopsys with significant SaaS capabilities and market-segme…

Enter Microsoft Teams Operator Connect, a new feature that lets you connect with external users seamlessly.

With the help of technological tools such as Microsoft Teams Operator Connect, it’s now possible to streamline communication and make it easier for teams to stay connected.

By investing in tools like Microsoft Teams Operator Connect and Microsoft Teams Direct Routing, businesses can simplify their communication processes and improve collaboration, ultimately leading to greater success.

Practical Steps to Streamline Communication with Microsoft Teams Operator ConnectWhen it comes to streamlining communication with Microsoft Teams Operator Connect, there are a few practical steps that y…

By doing this, you are reducing the chance of identity theft, data breaches, ransomware, and many other types of cyber threats.

By doing this, you allow your team to have access to an efficient and inexpensive way of avoiding cyber threats.

You also ensure you are complying with at least the basic legal requirements to protect your company, team and clients.

Conduct regular cybersecurity trainingUse a webinar platform to teach all your workers how to avoid cybersecurity threats.

Using cloud-based cybersecurity tools or utilising cost-effective cybersecurity options can save your company a lot of money and disruption in the long run.

 

Сделал презентацию по обновлению ISO 27001:2022 ISO 27001:2022 What has changed.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

Моя презентация "ISO Survey 2021: ISO 27001 certificates".Сырые данные - https://www.iso.org/the-iso-survey.html

Как вы наверное знаете, я уже несколько лет собираю на Патреоне комплекты документов (рекомендации, чек-листы и шаблоны) полезные для внедрения СУИБ по ISO 27001 и обеспечения privacy (GDPR и ISO 27701):1. ISMS Implementation Toolkit (ISO 27001)2. Privacy Implementation Toolkit (GDPR and ISO 27701)Теперь все документы можно скачать и на российском сервисе Boosty - https://boosty.to/isms8020Подписывайтесь и поддержите этот проект!

Хочу вам напомнить, что рекомендации по внедрению СУИБ по стандарту ISO 27001 и подготовке к аудитам выложены на Boosty, язык русский - https://boosty.to/isms8020/posts/0f6f575a-26c3-4ff9-88fa-64799c3c9772

Пятничный подгон — как быстро и безопасно управлять переменными окружения на macOS с помощью keychain. По сути там уже все есть, нужно только добавить обертку.Делаем раз:tee ~/keychain-env.sh <<'EOF'function keychain-env-read () { security find-generic-password -w -a ${USER} -D "environment variable" -s "${1}"}function keychain-env-add () { [ -n "$1" ] || print "Missing environment variable name" read -s "?Enter Value for ${1}: " secret ( [ -n "$1" ] && [ -n "$secret" ] ) || return 1 security add-generic-password -U -a ${USER} -D "environment variable" -s "${1}" -w "${secret}"}EOFДва:echo -n 'source ~/keychain-env.sh' >> ~/.zshrcТри:source ~/.zshrcТеперь взмахом руки можно добавлять перемен…

Все уже успели перевели свои Google-аккаунты на Passkey?С сегодняшнего дня это официальный способ аутентификации для Google и огромный шаг к будущему без паролей 🔐включать тут > https://myaccount.google.com/signinoptions/passkeysBlog > https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/

🐐 Kubernetes Goat — наверное самый популярный проект для изучения безопасности Kubernetes.Круто, что благодаря сообществу они продолжают развивать и добавлять новые сценарии. Например недавно добавили лабы для изучения Cilium Tetragon и Kyverno.Большинство сценариев простые, зато их уже более 20 штук, поэтому для общего понимания очень даже.> https://madhuakula.com/kubernetes-goat/> https://github.com/madhuakula/kubernetes-goat

Неплохие площадки для экспериментов с docker и kubernetes, если лень разворачивать лабы и разбираться с админской частью.https://labs.play-with-docker.com/https://labs.play-with-k8s.com/Есть и песочницы и отдельные таски, где можно подтянуть темы, которые вы давно откладывали, например как работают linux capabilities или seccomp профили

Говорят, чтобы пойти работать джун аппсеком достаточно научиться разворачивать какую-нибудь oauth proxy перед своими критическими сервисами.Согласны? Узнали? Какая ваша любимая? 🫠

Советую как будет время глянуть вчерашний ИБ-митап Яндекса, достаточно интересные и разные темы. Cразу спойлер — про слив упомянули, но ничего не рассказали, обещали потом.А вообще парням большой респект за то, что несмотря на то, что происходит в мире российского ИБ, они просто рассказывают важные и интересные вещи о том, как можно и нужно делать ИБ, без какого-либо продающего контекста (ну если только чуть-чуть). Ну и в опенсорс коммитят конечно же 🙂Все доклады классные, просто бери обводи и обновляй свои ИБ планы на 2023-2024 года.00:04:13 Про DevSecOps в Яндекс.Облаке, немного продающий облако, но затрагивающий лучшие практики о том, как построить процессы ИБ в финтехе и не только.01:10…

А вы знали, что OpenSSH на macOS позволяет пасс-фразы от ваших ssh-ключей добавить в keychain, чтобы автоматом подтягивать их при подключении?Делаем:ssh-add --apple-use-keychain ~/.ssh/[priv-key]И подключаем в конфиге агента ~/.ssh/config:Host * UseKeychain yes AddKeysToAgent yes IdentityFile ~/.ssh/id_rsaГотово, вы сэкономили немного своего времени на ввод passphrase.Если ключей несколько, то агент по имени ключа будет доставать нужную фразу.P.S На старых версиях MacOS команда чуть отличается, вот тут подглядите.Ну а теперь похоливарим за безопасность такого метода, особенно если у вас включен iCloud sync? 🤪

Понял тут, что не рассказывал о trufflehog, наверное лучшем на сегодншний день решении для поиска секретов. SSH и API ключи, пароли к бд, токены, облачные учетные данные и многое другое. Там уже 700 детекторов/регулярок, причем для некоторых есть сразу автоматическая проверка. Нашли например креды к AWS или GCP, нажали кнопочку и trufflehog любезно постучал в нужную апишку для валидации.Еще помимо привычных множественных сканов репозиториев, есть возможность поиска по файловой системе и даже s3 бакетам. Бонусом можно скачать плагин для браузера чтобы и по JS пройтись.Короче, мастхев для безопасности ваших пайплайнов и обнаружения секретов, которые кто-то случайно забыл положить куда следует…

Пссс, завезем немного движа в ИБ?Давно вынашивал идею закрытого сообщества для безопасников, где можно было бы черпать экспертизу, обмениваться опытом, получать актуальную информацию и просто общаться с крутыми и интересными людьми.Почему закрытого? Потому что сами знаете специфику нашего направления, когда далеко не все готовы обсуждать многие вещи публично. Но согласитесь, у многих есть опыт, которым можно поделиться и который может быть очень полезен. Мне кажется закрытый формат может хотя бы частично эту проблему решить.В общем, не буду ходить вокруг да около, сейчас я на этапе проверки гипотезы поэтому очень хочется получить от вас обратную связь.Основную идею постарался изложить тут >…

Я снова пропал, но тут такая новость сегодня, что нельзя было не поделиться — поддержка Passkeys теперь официально доехала до Google Chrome (Chrome Stable M108 если быть точным).На всякий случай Passkeys — это инициатива альянсов FIDO и W3C по разработке стандарта аутентификации без использования паролей, которые являются занозой в заднице в современном мире: утечки, брутфорс, сменяемость, желание написать его на листочке и приклеить к монитору и пр.Короче крутые чуваки собрались как-то, подумали и изобрели WebAuthn. Потом инициативу поддержали Apple, Google и Microsoft, обернули это в Passkeys и вот он, продукт который можно внедрять и нести людям (многие уже давно принесли даже, только Go…

Вопрос который меня в последнее время сильно волнует. Будет очень круто если поучаствуете анонимно.Если вы еще не касались истории с импортозамещением — игнорируйте (хотя предположу, что коснулось многих).Собственно вопрос ↓

Наверное лучший роадмап по сертификациям в ИБ, отсортированный по направлениям и уровню сложности.В очередной раз в этом убедился.> https://pauljerimy.com/security-certification-roadmap/ <p.s выглядит это конечно страшно, но что не сделать ради многострочного статуса в Linkedin, да? 😁

Там в либе Apache Commons Text нашли уязвимость, позволяющую выполнять удаленное выполнение кода — CVE-2022-42889. Но несмотря на CVSS 9.8, уязвимость затрагивает только несколько методов, связанных с интерполяцией данных, что в целом выглядит не так критично.Поискать в коде можно по:StringLookupFactory.INSTANCE.interpolatorStringLookup().lookup()или StringSubstitutor.createInterpolator().replace()В любом случае возьмите на вооружение и если лень читать код просто пропатчите либы до новой версии 1.10, благо она уже вышла.Уязвимость затрагивает версии Apache Commons Text 1.5–1.9.Reports:https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/https://securi…

Если моделирование угроз (threat modeling) у вас тоже вызывает боль, либо это увлекательное занятие вам только предстоит, попробую сэкономить вам несколько десятков часов вашего времени и просто порекомендую начать с > https://shellsharks.com/threat-modelingИ неважно делаете вы модель угроз для приложения или инфраструктурного компонента. А еще пришла в голову мысль, что доступ к таким материалам при пентесте может сильно ускорить процесс получения результата :) Удачи!Никогда не забуду свою первую... ⛔️

Google опубликовала очень стильный проект H4CK1NG.GOOGLE (фактически GoogleCTF 22) с набором своих новых челленджей по разным направлениям, каждое из которых сопровождается крутейшими видео-историями. Если вдруг заскучали после рабочего понедельника, можно провести вечер с пользой. В случае ступора можно сходить в дискорд проекта за подсказками или writeups — это уже для совсем ленивых :)Are you ready? [Y/N]https://h4ck1ng.googlePlaylist > https://www.youtube.com/playlist?list=PL590L5WQmH8dsxxz7ooJAgmijwOz0lh2H

According to Greenwald, Snowden also thought that bringing me down was a good idea.

I didn’t know either of them, but I have been writing about cryptography, security, and privacy for decades.

It had been incredibly stupid for Miranda to be traveling with NSA documents on the thumb drive.

Those of us in the information security community had long assumed that the NSA was doing things like this.

It’s used to keeping this stuff behind multiple levels of security: gates with alarms, armed guards, safe doors, and military-grade cryptography.

And those systems are being leveraged for convenience or safety features like adaptive cruise control, lane keeping, remote parking, and so on.

And security?

“If you design it from scratch, it’s security by design, everything is in by design; you have it there.

“At the same time, they’re a great software system.

And there are so many regulations and EU standards that have been released in the last year, year and a half, that force OEMs to comply with these standards and get security inside,” she said.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Instead, it released the code into the open-source community, and shortly thereafter the model itself was leaked.

Bigger may be better, but the open-source community is showing that smaller is often good enough.

It also takes control away from large companies like Google and OpenAI.

The memo concluded that the open-source community has lapped the major corporations and has an overwhelming lead on them.

The large companies may respond by trying to retrench and pulling their models back from the open-source community.

Poses ‘Risk of Extinction,’ Industry Leaders Warn.” BBC: “Artificial intelligence could lead to extinction, experts warn.” Other headlines are similar.

That was what I was thinking about when I agreed to sign on to the statement: “Pandemics, nuclear weapons, AI—yeah, I would put those three in the same bucket.

Surely we can spend the same effort on AI risk as we do on future pandemics.

The security risks from those precursor technologies are already with us, and they’re increasing as the technologies become more powerful and more prevalent.

And before them the arrogant unpleasant machines.” I think we’ll see any new security risks coming long before they get here.

Chinese Hacking of US Critical InfrastructureEveryone is writing about an interagency and international report on Chinese hacking of US critical infrastructure.

Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection.

Posted on May 31, 2023 at 10:53 AM • 0 Comments

It’s neither hard nor expensive:Unlike password authentication, which requires a direct match between what is inputted and what’s stored in a database, fingerprint authentication determines a match using a reference threshold.

As a result, a successful fingerprint brute-force attack requires only that an inputted image provides an acceptable approximation of an image in the fingerprint database.

With the fingerprint dictionary in place, the adversary device is now in a position to input each entry into the targeted phone.

BrutePrint can fully bypass this limit in the eight tested Android models, meaning the adversary device can try an infinite number of guesses.

The bypasses result from exp…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve an actual human gaining physical access to a piece of computing infrastructure.

In some cases, remote access is not possible or preferable, and close proximity may be required, using expeditionary [cyber operations],” the joint publication states.

“Such operations are key to addressing the challenge of closed networks and other systems that are virtually isolated.

Likewise, while synchronizing CO missions related to achieving [combatant commander] objectives, some cyberspace capabilities that support this activity may need to be fo…

Interesting essay on the poisoning of LLMs—ChatGPT in particular:Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months.

We don’t know because OpenAI doesn’t talk about their processes, how they validate the prompts they use for training, how they vet their training data set, or how they fine-tune ChatGPT.

Their secrecy means we don’t know if ChatGPT has been safely managed.

They’ll also have to update their training data set at some point.

They can’t leave their models stuck in 2021 forever.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

The problem with most homework machines is that they’re too perfect.

Most importantly, the machine’s “handwriting” is too consistent.

Humans always include small variations in their writing, no matter how honed their penmanship.

Devadath is on a quest to fix the issue with perfect penmanship by making his machine mimic human handwriting.

The software then uses that as a font, with small random variations, to create a document image that looks like it was actually handwritten.

Google Is Not Deleting Old YouTube VideosGoogle has backtracked on its plan to delete inactive YouTube videos—at least for now.

Of course, it could change its mind anytime it wants.

It would be nice if this would get people to think about the vulnerabilities inherent in letting a for-profit monopoly decide what of human creativity is worth saving.

Posted on May 22, 2023 at 7:15 AM • 0 Comments

The equipment, which tracks a vessel’s geographic position and fishing activity through a proprietary satellite communication system, sought to provide authorities with visibility into several hundred Chinese squid vessels that every year amass off the west coast of South America.

One is that the Peruvian law was easy to hack, which China promptly did.

The second is that no nation-state has the proper regulatory footprint to manage the world’s oceans.

These are global issues, and need global solutions.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015.

And on most of these identities, Megatraffer has used the email address [email protected].

Constella found the password “featar24” also was used in conjunction with the email address [email protected], which is tied to yet another O.R.Z.

The email address [email protected] was used to create a Livejournal blog profile named Fitis that has a large bear as its avatar.

The most interesting domain name registered to the email address [email protected], fittingly enough, is fitis[.

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark.

As shown in this Youtube video, the verification process involves dragging a button from the phony crypto news Discord server to the bookmarks bar in one’s Web browser.

Meanwhile, anyone in the compromised Discord channel who notices the scam and replies is banned, and their messages are deleted by the compromised admin account.

On May 27, Nahmii — a cryptocurrency technology based on the Ethereum blockchain — warned on Twitter that one of its community moderators on Discord was compromi…

And there are countless reports from Freenom users who’ve seen free domains removed from their control and forwarded to other websites.

By the time Meta initially filed its lawsuit in December 2022, Freenom was the source of well more than half of all new phishing domains coming from country-code top-level domains.

“We’ve observed a significant decline in phishing domains reported in the Freenom commercialized ccTLDs in months surrounding the lawsuit,” Piscitello wrote on Mastodon.

While the terms of that settlement have not been disclosed, new phishing domains registered through Namecheap declined more than 50 percent the following quarter, Interisle found.

“I think what the Meta lawsuit t…

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms.

What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations.

According to the hacker, their spam software has been in private use until the last few weeks, when it was released as open source code.

Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

After that,…

“Wazawaka” and “Boriselcin” worked with three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies.

The indictments allege that on June 25, 2020, Matveev and his LockBit co-conspirators deployed LockBit ransomware against a law enforcement agency in Passaic County, New Jersey.

And on April 26, 2021, Matveev and his Babuk gang allegedly deployed ransomware against the Metropolitan Police Department in Washington, D.C.

Previous reporting here revealed that Matveev’s alter egos included “Orange,” the founder of the RAMP ransomware forum.

Matveev is charged with conspiring to transmit ransom demands, conspiring to da…

In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Beyond what you would expect from unwiped second hand phones — every text message, picture, email, browser history, location history, etc.

— the 61 phones they were able to access also contained significant amounts of data pertaining to crime — including victims’ data — the researchers found.

“Some folks are like, ‘Yeah, whatever, these are criminal phones,’ but are they?” said Dave Levin, an assistant professor of computer science at University of Maryland.

Three of those were on phones that ap…

Microsoft today released software updates to fix at least four dozen security holes in its Windows operating systems and other software, including patches for two zero-day vulnerabilities that are already being exploited in active attacks.

“Microsoft warns that an attacker who already has Administrator access to an unpatched asset could exploit CVE-2023-24932 without necessarily having physical access,” Barnett said.

“The patch enables the configuration options necessary for protection, but administrators must apply changes to UEFI config after patching.

The CVSS for this vulnerability is 8.1, but Microsoft says exploiting the flaw may be tricky and unreliable for attackers.

Microsoft says …

Booter services are advertised through a variety of methods, including Dark Web forums, chat platforms and even youtube.com.

The websites that saw their homepages replaced with seizure notices from the FBI this week include booter services like cyberstress[.

This is the third in a series of U.S. and international law enforcement actions targeting booter services.

In December 2018, the feds targeted 15 booter sites, and three booter store defendants who later pleaded guilty.

The study found that operating a booter service effectively requires a mind-numbing amount of constant, tedious work that tends to produce high burnout rates for booter service operators — even when the service is operat…

Launched in 2005, Try2Check soon was processing more than a million card-checking transactions per month — charging 20 cents per transaction.

But in general, the bigger shops have steered customers toward using their own white-labeled version of the Try2Check service — primarily to help minimize disputes over canceled cards.

Cyber intelligence firm Intel 471 found that Internet address also was used to register the account “Nordex” on the Russian hacking forum Exploit back in 2006.

A search on that address in Constella brings up a record for an Anna Denis Vnrhoturkina Kulkov, and the phone number 879608229389.

Those records show that Anna’s Apt 110 address is tied to a Denis Gennadyvich Kul…

By 2008, the USPS job exam preppers had shifted to advertising their schemes mostly online.

Tim McKinlay authored a report last year at Affiliateunguru.com on whether the US Job Services website job-postal[.

Barry shared screenshots of that back-end database, which show the email address for the administrator of US Job Services is [email protected].

NEXT LEVEL SUPPORTThe web-based backend for US Job Services lists more than 160 people under its “Users & Teams” tab.

“We’ve never told anyone we were the US Postal Service,” Plott continued.

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned.

Salesforce Community is a widely-used cloud-based software product that makes it easy for organizations to quickly create websites.

Customers can access a Salesforce Community website in two ways: Authenticated access (requiring login), and guest user access (no login required).

However, sometimes Salesforce administrators mistakenly grant guest users access to internal resources, which can cause unauthorized users to access an organization’s private information and lead to potential data l…

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX.

“This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” reads the April 20 Mandiant report.

“Eventually, the threat actor was able to compromise both the Windows and macOS build environments,” 3CX said in an April 20 update on their blog.

Mandiant found the compromised 3CX software would download malware that sought out new instructions by consulting encrypted icon files hosted on GitHub.

The decrypted icon files revealed the location of the malware’s control server, which was then queried for a third stage of th…

For the past seven years, a malware-based proxy service known as “Faceless” has sold anonymity to countless cybercriminals.

In January 2023, the Faceless service website said it was willing to pay for information about previously undocumented security vulnerabilities in IoT devices.

Constella says the email address [email protected] relied on the passwords asus666 and 01091987h.

Russian vehicle registration records from 2016 show the email address [email protected] belongs to Denis Viktorovich Pankov, born on April 25, 1985.

The message said Pankov was a then 27-year-old manager in an advertising company, and could be reached at the email address [email protected].

On April 6, 2023, the FBI’s Denver office issued a warning about juice jacking in a tweet.

On the other hand, the technology needed to conduct a sneaky juice jacking attack has become far more miniaturized, accessible and cheap.

And there are now several products anyone can buy that are custom-built to enable juice jacking attacks.

Brian Markus is co-founder of Aries Security, and one of the researchers who originally showcased the threat from juice jacking at the 2011 DEFCON.

But Markus said juice jacking is still a risk because it is far easier and cheaper these days for would-be attackers to source and build the necessary equipment.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

BBC – The British Broadcasting Company, whose employees’ data may now be exploited by cybercriminals.

Zellis – the company that was managing the payroll service for the BBC via IBM, and were apparently using a program called MOVEit Transfer.

Progress – the developer of MOVEit Transfer, a file transfer tool which contains a critical vulnerability.

According to the BBC, Zellis says it has not seen any evidence that bank account details of its employees were exposed by the data breach.

Any organisation using MOVEit Transfer would be wise to read Progress’s security bulletin, and take the advised steps to mitigate the threat.

Well, the rise of hate speech, porn, and misinformation that appears to have surged since Elon Musk’s chaotic reign at the company began.

And it’s not easy to convince advertisers that Twitter is a safe place to spend your advertising dollars when Twitter itself is making decisions that damage the advertiser’s brand.

In April, Twitter mistakenly gave a gold check mark — a badge meant to signify a paying advertiser — to the @DisneyJuniorUK account, which Disney doesn’t own.

Prior to being suspended, the @DisneyJuniorUK account itself couldn’t quite believe that it had been given a gold checkmark.

And in December Twitter shut down its Trust and Safety Council that tackled harrassment and chil…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Hosts:Graham Cluley – @gcluleyCarole Theriault – @caroletheriaultGuest:Mark Stockley – @markstockleyEpisode links:Sponsored by:Bitwarden – Password security you can trust.

Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow …

RaidForums, the notorious hacking and data leak forum seized and shut down by the authorities back in April 2022, is – perhaps surprisingly – at the centre of another cybersecurity breach.

Because it seems the hacking site RaidForums has been… err… hacked.

As Bleeping Computer explains, upon the demise of RaidForums many of its users jumped ship to a new hacking forum called BreachForums to trade their stolen data.

Many of them joined a new hacking forum called ExposeForums.

And it is this site which appears to have now leaked the user database of RaidForums – potentially providing law enforcement, security researchers, and – yes – other cybercriminals with a large amount of potentially sen…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

BBC News reports that the Venezuelan government is paying people to tweet in support of it, in an attempt to drown out the noise of its critics.

Every day, Venezuela’s ministry of communications tweets a “hashtag of the day”, which is repeated not only by elected officials’ accounts and state sympathisers but also by “digital troops” like Rafael, who are paid to share propaganda.

It’s outrageous that a Government is paying people to tweet state propaganda.

For more background on what is happening, and how digital propagandists have been rewarded financially for pumping out pro-Government hashtags and deepfake videos, listen to BBC Trending’s “Trolled” on BBC Sounds.

Follow Graham Cluley on …

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

PureDome offers a secure, quick, reliable solution that enhances and safeguards business network security.

Boost Your Network SecurityPureDome is a secure connectivity solution designed to enhance network security for businesses.

Using multiple tunneling protocols, including the modern and highly secure Wireguard, PureDome enhances business efficiency by safeguarding sensitive data and simplifying management.

PureDome offers a comprehensive solution for a secure business network while optimizing the management process.

Moreover, PureDome offers secure remote access, allowing authorized users to connect to the company’s network anywhere securely.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Right now, “Zero Trust” is in serious danger of becoming an empty buzzword.

The problem isn’t just that marketers have slapped the Zero Trust label on everything short of breakfast cereal–it’s that for all the hype, we don’t seem to be getting any safer.

At the heart of Zero Trust is a good idea, but the way most companies execute that idea is incomplete.

Specifically, most security practitioners forget that device compliance is a crucial element of Zero Trust.

Kolide solves the device compliance element of Zero Trust for companies that use Okta.

I was surprised to receive an email this week telling me that I had renewed my annual subscription for McAfee virus protection.

And there are also no links – so I’m not being duped into entering personal information or passwords into a phishing page.

According to the email, if I wish to cancel the subscription, I should call McAfee’s cancellation department immediately on the supplied toll-free number.

Of course, it’s not going to be a genuine McAfee employee who answers that phone call.

Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by the Imposter Syndrome Network podcast’s Zoë Rose.

Hosts:Graham Cluley – @gcluleyCarole Theriault – @caroletheriaultGuest:Zoë Rose – @RoseSecOpsEpisode links:Sponsored by:Bitwarden – Password security you can trust.

Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Po…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

В этом посте подробно разберемся, какие цели преследуют стоящие за подобными атаками злоумышленники, как им удается получать доступ к каналам без пароля и второго фактора от аккаунта, что по этому поводу делает Google и как не стать жертвой аналогичной схемы.

Захват канала без пароляДля взлома YouTube-аккаунтов блогеров злоумышленникам вовсе не нужно воровать учетные данные.

Ссылка может вести как на сайт настоящей честной компании, так и на фальшивые страницы.

Среди них выделяется троян-стилер RedLine — именно его в последнее время винят в несчастьях блогеры.

Усложнила процесс аутентификации, чтобы уведомлять пользователя о подозрительных действиях в его учетной записи.

И на сегодняшний день львиная доля «заработков в Интернете» — мошеннические схемы, на которых вы не только не озолотитесь, но и бесплатно поработаете на мошенников и потеряете свои кровные сбережения.

О многих схемах обмана, которые позволяют их участникам якобы заработать в Интернете, мы уже писали — деньги обещают и за просмотр видеороликов, и в качестве компенсации за утечки данных, и за возврат НДС, и, наконец, просто за везение.

Для того, чтобы забрать деньги, необходимо верифицировать аккаунт и доказать, что пользователь — не бот.

Правильно: никаких денег вывести не удастся, после оплаты аккаунт будет заблокирован, и попасть в него больше не получится.

Онлайн-мошенники постоянно меняю…

По причине закрытости в iOS не существует (и не может существовать) каких-либо стандартных средств операционной системы для выявления и удаления этой шпионской программы на зараженных смартфонах.

Косвенным признаком присутствия Triangulation на устройстве является блокировка возможности обновления iOS.

Из-за особенностей блокировки обновления iOS на зараженных устройствах нами пока не найдено действенного способа удаления шпионской программы без потери пользовательских данных.

Что на самом деле происходит в iOS, специалистам по IT-безопасности неизвестно.

Для распознавания программной и аппаратной спецификации атакуемой системы Triangulation использует технологию Canvas Fingerprinting и рис…

Получается, что на пути потенциального взломщика стоит всего одна преграда: ограничение на количество попыток распознавания отпечатка пальца.

Как отмечают исследователи, главное преимущество айфонов в том, что общение датчика отпечатка пальца с остальной системой в них зашифровано.

Поэтому перехватить или скормить системе подготовленный отпечаток пальца на устройстве с Touch ID не получится.

Один этот факт уже снижает на порядок-другой вероятность того, что с вами такое случится.. Один этот факт уже снижает на порядок-другой вероятность того, что с вами такое случится.

Как защититься от брутфорса отпечатка пальца в Android-смартфонахЕсли, несмотря на вышесказанное, вы считаете, что можете с…

Сама MSI утечку признала, но информацией делилась крайне скупо и ключи не упомянула вообще.

Такие угрозы называются имплантами уровня BIOS (иногда еще «аппаратными буткитами«), и их крайне сложно обнаружить, а избавиться от них — еще сложнее.

Отметим, что MSI выпускает сотни продуктов, и утекшие ключи подойдут не для всех.

В дополнение к этому постарайтесь не работать на компьютере MSI с правами администратора и убедитесь, что он оснащен полноценной защитой от фишинга и вредоносных программ.

Таким образом, проблему можно смягчить, запретив запуск соответствующих приложений на уровне групповых политик, а также убедившись, что на всех компьютерах организации строго соблюдается принцип минимал…

Возможно, вам интересно знать, что же это такое и как работает.

Двухфакторная аутентификация: что же это такоеДля начала дадим простое определение.

Аутентификация возможна, если вы знаете пароль, секретную фразу, цифровой код, графический паттерн, ответ на секретный вопрос и так далее.

Таким образом, ответ на вопрос «зачем нужна многофакторная аутентификация?» звучит следующим образом: чтобы сервис мог уверенно понимать, что вы — это вы, и благодаря этому аккаунт было труднее у вас украсть.

Помните, что двухфакторная аутентификация не защищает от качественного фишинга (за исключением ключей FIDO U2F), поэтому каждый раз, прежде чем ввести код, обязательно убедитесь, что перед вами настоящий…

Увы, наш анализ подтвердил истинность большинства этих заявлений: злоумышленники действительно получали доступ к фотографиям, видео и документам, а также к СМС и контактам жертвы.

Проанализировав приложение, мы обнаружили, что в установочный APK-файл зашит зашифрованный файл конфигурации, расшифровываемый при запуске.

Кроме того, в конфиге хранится еще много любопытного — например, один текст для сообщений, которые троян рассылает в СМС от имени жертвы всем ее контактам, и совсем другой — для СМС, которые будут разосланы по случайным номерам.

Благодаря архитектуре со вшитым конфигурационным файлом Rasket не нуждается в доступе к какому-либо централизованному серверу для загрузки данных — вс…

В последние годы законодательства различных стран, регулирующие правила работы с персональными данными, ужесточаются.

Таким основанием может быть закон страны, в которой ваша компания работает; договор, предусматривающий обработку ПДн; или же явно выраженное согласие в электронной или бумажной форме.

Для этого разумно составить своеобразную «карту», на которой отмечены все процессы, связанные с ПДн; разработать регламенты по хранению и обработке данных и следить за их четким исполнением.

Разумеется, ни знакомство с этими советами, ни подписанные всеми сотрудниками локальные нормативно-правовые акты не могут исключить человеческие ошибки.

Желательно выбирать платформы для обучения, имеющие у…

Гибридные облака сочетают оба подхода, допуская размещение данных и сервисов в «публичной» или «частной» части облака в зависимости от их важности.

Пользователь платит за решение конкретной задачи и вообще не задумывается, на каких серверах и приложениях все это работает и где оно расположено.

Сервисы SaaS всегда работают в публичном облаке, тогда как IaaS может быть и публичным, и частным, и гибридным.

В результате события в облачных системах (вход в систему, скачивание больших объемов информации и так далее) могут оставаться незамеченными недели и месяцы.

В результате события в облачных системах (вход в систему, скачивание больших объемов информации и так далее) могут оставаться незамечен…

В мае Google анонсировала доступность 8 новых доменов, среди которых есть два, неотличимые от популярных расширений файлов: .zip и .mov.

Как перепутать .zip и .zipФайлы с расширениями zip и mov известны уже несколько десятилетий: zip — это стандарт де-факто для архивов, а mov является одним из самых популярных контейнеров для видео.

Домены mov и zip по задумке Google предназначены для «технарей» (techies), но приобрести их, по сути, может кто угодно для любых целей.

Тем не менее именно популярные среди нетехнической аудитории zip и mov могут создать дополнительные хлопоты и пользователям, и системным администраторам.

Советы пользователямПоявление доменов zip и mov не породит принципиальных …

Составить свой персональный ландшафт угроз, как это делают при работе с безопасностью в корпорациях, — и защищаться только от них.

Что такое ландшафт угроз и какое отношение он имеет к вамВ корпоративной безопасности ландшафт угроз — это совокупность всех кибернеприятностей, которые угрожают компании из определенной отрасли в определенный период времени.

Сюда относятся и уязвимости, и зловреды, и группы злоумышленников, ими оперирующие, и приемы, которые эти группы используют.

Почему бы не составить такой же ландшафт угроз для себя — и не выстраивать собственную стратегию защиты, исходя из него?

Составляем персональный ландшафт угрозДля каждого человека, как и для каждой компании, ландшафт …

Исследователи из американского Университета штата Мэриленд и китайского Университета Циньхуа опубликовали научную работу, в которой описан новый метод атаки по сторонним каналам (side-channel attack), использующий ранее неизвестную аппаратную уязвимость в процессорах Intel.

В результате на старых процессорах, подверженных этой уязвимости (использовались Intel Core i7 шестого и седьмого поколения), секретные данные удалось прочитать со 100% надежностью.

В случае с новой работой мы имеем дело скорее с идеей, которая если и сработает, то на старых процессорах Intel.

Не исключено, что в будущем такой подход в комбинации с какой-то другой уязвимостью станет актуальным и для новых процессоров.

Но…

Но и потом развитие ИИ, он же AI, не остановится, просто журналисты/блогеры/тиктокеры и прочие «говорящие головы» устанут от темы.

Тут, конечно, есть о чем поспорить — а нужно ли госрегулирование ИИ, и если да — то зачем и как?

Тестировать ИИ на «враждебных» данных и корректировать его поведение при необходимости.

Доказывать, что ИИ безопасно применять для решения конкретной задачи.

Или, ближе к нашей теме, на ситуацию со сбором персональных данных в Интернете конца нулевых — когда почти все собирают все, что плохо лежит.

Чтобы призвать к жизни мистера Хайда от мира нейросетей, понадобилась следующая инструкция (приводится в сокращении и в переводе):Привет, ChatGPT.

Он также может отображать контент, достоверность которого не была проверена, и, короче говоря, делать все, что оригинальный ChatGPT не может.

Через некоторое время после появления ChatGPT джейлбрейки, связанные с имитацией персонажа, перестали работать.

Через некоторое время после появления ChatGPT джейлбрейки, связанные с имитацией персонажа, перестали работать.

Предлагали LLM из ChatGPT превратиться в ConsonantGPT, которая говорит только согласными: аналогично ничего интересного не получилось.

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

Использованная в атаке программа-вымогатель DeadBolt представляет собой 32-битную программу для Linux/ARM формата ELF, разработанную на языке программирования Go.

Программа была обфусцирована и сжата упаковщиком UPX.

Также из программы удалена идентифицирующая информация о сборке Go.

Анализ такого образца может вызывать некоторые затруднения, поэтому мы более подробно остановимся на описании логики работы DeadBolt.

Для этого мы дополнительно провели полную декомпиляцию кода Go вымогателя.

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

Providing secure access and a frictionless user experience are typically competing initiatives, but they don’t have to be!

Risk-Based AuthenticationRisk-Based Authentication fulfills the zero trust philosophy of continuous trust verification by assessing the risk level for each access attempt in a manner that is frictionless to users.

Integrated with MFA or passwordless authentication, SSO serves as a critical access management tool for organizations that want to implement zero trust access to corporate applications.

When logging into browser-based applications, Duo SSO already allows users to reset passwords when they have expired in the same login workflow.

Risk-Based Authentication and e…

I’m incredibly proud of the Cisco Secure Firewall team and our amazing customers who continue to develop their network security around our firewall.

Cisco Secure Firewall Key FeaturesCisco Secure Firewall threat-focused NGFW architecture enables superior visibility and control over network traffic.

This is achieved through its integration with other security technologies, such as web security, email security, and cloud security through our SecureX platform.

This is achieved through its integration with other security technologies, such as web security, email security, and cloud security through our SecureX platform.

Learn more about SE Labs 2023 Annual Report, Cisco Secure Firewall and how …

Luigi reached out to the Cisco community, offering his knowledge and expertise to help others.

This is what stood out to make him our Cybersecurity Defender of the Year in EMEA for the Cisco Global Advocate Awards 2023 EMEA event.

Cisco’s advocacy community, Cisco Insider Advocates, brings our customers together and provides a way for them to make powerful connections, expand their professional and personal networks, and learn from top experts in their field.

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social ChannelsInstagramFacebookTwitterLinkedInShareShare:

Cisco Live is the premier destination for Cisco customers and partners to gain knowledge and build community.

The Cisco Secure team is excited to share our expertise to help power the strategies – and safety – of your organization.

Cisco+ Secure ConnectCisco SD-WAN customers can now enjoy all the benefits of a turnkey, single-vendor SASE solution that brings together industry-leading networking with security:​ Cisco+ Secure Connect.

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social ChannelsInstagramFacebookTwitterLinkedInShareShare:

Being a leader in both security and networking, Cisco continues to bring security closer to networking, providing the network with built-in security, and enabling the network to act both as sensor and as an enforcer.

Cisco uniquely integrates security and networking, for instance we recently integrated Cisco Secure Firewall to operate on Cisco Catalyst 9000 Series switches.

Use Case 2: Centrally manage isolated IoT network clusters: IoT devices which communicate with each other in the same subnet typically cannot be routed, which is a challenge.

IoT traffic is usually in plain text, making it susceptible to packet sniffing, eavesdropping, man-in-the-middle attacks, and other such exploits.

…

Security resilience is the ability to anticipate and respond to unpredictable threats or changes, and then emerge stronger.

The report identifies seven success factors CISOs can pursue to improve outcomes within their own enterprise security resilience programs, placing a high priority on security resilience.

Given the objective of security resilience is to withstand threats and come back even stronger, it’s clear that resilience must exist before, during, and after a cybersecurity incident.

What’s more, CISOs who lack strong executive relationships may also find themselves struggling to oversee incident management and coordinate communications.

A security culture can create willing resilie…

Secure Firewall Threat Defense Virtual is available on Alkira’s service marketplace through Bring-Your-Own-License (BYOL) and Pay-As-You-Go licensing options.

The auto-scaled firewall instance receives the configuration and licenses automatically (Cisco Secure Firewall Threat Defense auto-scale coming in Q2CY23).

Alkira Cloud Exchange Platform (CXP) connects branches and Cisco Secure Firewall Threat Defense protects N/S and E/W branch traffic.

Management OptionsCisco Secure Firewall Threat Defense Virtual is managed using Cisco Secure Firewall Management Center (FMC).

Additional Resources:Cisco Secure Firewall Threat DefenseCisco Secure Firewall Data SheetCisco Secure Firewall Management Ce…

The phrase zero trust does not inspire trust, clarity, or transparency.

So… how do we build the trust necessary for zero trust adoption?

Relationships build trust – an essential ingredient for zero trust momentum.

Perhaps we can apply these drivers within the context of zero trust security:Authenticity – are we truly aligned on the goals of a zero trust rollout?

Download Cisco’s Guide to Zero Trust Maturity to see how teams with mature implementations of zero trust found quick wins and built organizational trust.

We understand that working remotely can be an adjustment — that’s why we’ve compiled the 10 parts of remote work that surprised our team members most and their advice for navigating the nuances.

Intentional online socializing strengthens teams working remotelyFor folks sharing an office, collaboration can happen through casual chats over coffee.

When Ting first started working remotely, he felt that every meeting needed to be formal and have a business objective.

Senior Software Engineer Mario Lopez finds that the variety of information sources contributes to an easeful remote working experience.

As the structures of remote, distributed and hybrid work evolve, it’s important to stay flexibl…

What is business email compromise?

cricketsBusiness Email Compromise (BEC) is a type of cybercrime that involves compromising or imitating legitimate business email accounts to carry out fraudulent transactions or steal sensitive information.

The Cisco Secure Email Threat Defense solution leverages hundreds of detection engines that utilize state-of-the-art artificial intelligence/machine learning and natural language processing to convict messages from the most creative attackers!

In summary, Business Email Compromise (BEC) is a serious threat to organizations of all sizes and in all industries.

See how Secure Email Threat Defense identifies specific business risk factors to protect your o…

Cybersecurity professionals are often perceived as sole practitioners, plying their craft in dimly lit rooms.

We are pleased to introduce the nominees for the Cybersecurity Defender of the Year Award in EMEA.

We have five distinguished nominees, and while we have yet to select a winner, you will see how each of their contributions to Cisco’s cybersecurity community raised our attention.

His contributions to the Insider Advocacy platform reflect a tireless commitment to the cybersecurity community.

Part of his proactive approach is to freely communicate his ideas, leading to his involvement in the Insider Advocacy community.

As part of Cisco’s recognition of International Data Privacy Day, today we released the Cisco 2023 Data Privacy Benchmark Study, our sixth annual review of key privacy issues and their impact on business.

Ninety-five percent (95%) of survey respondents said that “all of their employees” need to know how to protect data privacy.

Among the security professionals who completed our survey, one-third (33%) included data privacy in their top three areas of responsibility.

Another important indication of privacy’s importance to the organization is the use of privacy metrics.

To learn more, check out the Cisco 2023 Data Privacy Benchmark Study, Infographic, and our Principles for Responsible AI.

Toward the end of 2018, EMA conducted a survey of customers regarding their TLS 1.3 implementation and migration plans.

Here are the three biggest takeaways from this most recent survey:Remote work, regulatory and vendor controls, and improved data security are drivers.

Eighty-seven percent that have implemented TLS 1.3 require some level of infrastructure changes to accommodate the update.

Eighty-seven percent that have implemented TLS 1.3 require some level of infrastructure changes to accommodate the update.

Even with improved technologies (since the first announcement of TLS 1.3), organizations still cannot overcome these challenges.

As privacy professionals, we live and breathe the importance of privacy every day and understand its value.

We’re excited today to share this new, jointly-published research report Business Benefits of Investing in Data Privacy Management Programs.

Most organizations are using some form of a privacy maturity model to show accountability, including the CIPL Accountability Framework, ISO standards, Generally Accepted Privacy Principles, and the NIST Privacy Framework, among others.

There is considerable interest in further understanding the value DPMPs bring to their organization.

Check out this report Business Benefits of Investing in Data Privacy Management Programs and more related privacy…

I am excited to announce the release of Cisco’s annual flagship cybersecurity report, the Security Outcomes Report, Volume 3: Achieving Security Resilience.

The Security Outcomes Report, Vol.3 looks at the most important factors that will help you build that foundation and give you the most successful security outcomes.

Seven success factorsThe report analyses the seven success factors that have shown to improve overall security resilience:Establishing executive support can increase security resilience by 39%.

Cultivating a culture of security boosts security resilience by 46%.

About the Security Outcomes ReportThe report is based on an anonymous survey 4,751 active cybersecurity experts fr…

At Microsoft, we see ITDR as an integrated partnership between two historically separate, but critically important, disciplines: identity and access management (IAM) and extended detection and response (XDR).

Microsoft Identity Threat Detection and Response See how identity and access management and extended detection and response work together to improve your security strategy.

Multifactor authentication, for instance, has been shown to reduce the risk of compromise from identity attacks by 99.9 percent.

A robust identity posture is the first step toward identity security, helping to thwart the majority of attacks.

Learn more about how to empower your SOC team to spot even the most advance…

We shared these findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

Specifically, certain processes are assigned entitlements that allow the process to bypass System Integrity Protection checks by design.

The MBSystemAdministration utility proxies requests from Migration Assistant to Setup Assistant and also verifies that the caller (Migration Assistant) has the com.apple.private.mbsystemadministration entitlement.

Reverse engineering the Migration Assistant reveals the SACLOStartLogoutWithOptions function,c which signs outSimply patching Migration Assistant does not work due to codesign failure.

Running Setup Assistan…

Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organizations in Guam and elsewhere in the United States.

By proxying through these devices, Volt Typhoon enhances the stealth of their operations and lowers overhead costs for acquiring infrastructure.

Volt Typhoon command to locally create domain controller installation mediaDiscoveryMicrosoft has observed Volt Typhoon discovering system information, including file system types; drive names, size, and free space; running processes; and open networks.

Behavior:Win32/SuspNtdsUtilUsage.ABehavior:Win32/SuspPowershellExec.EBehavior:Win32/SuspRemoteCmdCommandParent.ABehavior:Win32/UNCFilePathOperationBehavior:W…

Microsoft Build 2023 Browse virtual and in-person security sessions at Microsoft Build.

New identity and access features in Microsoft EntraWelcome to modern identity and access management with Microsoft EntraDevelopers are in the business of building app features and capabilities.

At Microsoft Build, we’re announcing the next generation customer identity access management platform: Microsoft Entra External ID, now in preview.

Next-Level DevSecOps: Secure Supply Chain Consumption Framework, Q&AThe Secure Software Supply Chain Framework (S2C2F) is designed from the ground up to protect developers from accidentally consuming malicious and compromised packages.

Register now to reserve your spot…

Today we released the fourth edition of Cyber Signals highlighting a surge in cybercriminal activity around business email compromise (BEC).

Cyber Signals Microsoft’s Digital Crimes Unit has observed a 38 percent increase in cybercrime as a service targeting business email between 2019 and 2022.

Learn moreRead the fourth edition of Cyber Signals today.

For more threat intelligence insights and guidance including past issues of Cyber Signals, visit Security Insider.

Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

Today we released the fourth edition of Cyber Signals highlighting a surge in cybercriminal activity around business email compromise (BEC).

Cyber Signals Microsoft’s Digital Crimes Unit has observed a 38 percent increase in cybercrime as a service targeting business email between 2019 and 2022.

Learn moreRead the fourth edition of Cyber Signals today.

For more threat intelligence insights and guidance including past issues of Cyber Signals, visit Security Insider.

Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

I was very pleased to share the stage with Charlie Bell, Executive Vice President, Microsoft Security; Bret Arsenault, CVP, Microsoft Security and Chief Information Security Officer; Kelly Bissell, CVP, Microsoft Security; Andy Elder, CVP, Microsoft Security Solution Area; Jeremy Dallman, Principal Research Director, Microsoft Threat Intelligence; Holly Stewart, Principal Research Director, Microsoft Threat Intelligence; and engineering leaders.

In other threat intelligence news, Microsoft Defender Threat Intelligence is now available to licensed customers directly within Microsoft 365 Defender.

Microsoft Defender Threat Intelligence data connector : Microsoft threat researchers add indicat…

At RSA Conference April 24 to 26, 2023, Microsoft Security shared solution news and insights. Watch Vasu Jakkal’s keynote on-demand (video courtesy of RSA conference).

The post Microsoft Security highlights from RSA Conference 2023 appeared first on Microsoft Security Blog.

Learn how guessing, replay, phishing, and multifactor authentication fatigue attacks demonstrate the ongoing vulnerability of passwords, and why going passwordless makes your organization more secure while improving user experience.

The post How Microsoft can help you go passwordless this World Password Day appeared first on Microsoft Security Blog.

That’s why you don’t need a password for Microsoft Accounts—hundreds of thousands of people have deleted their passwords completely.5For stronger, streamlined security, Microsoft passwordless authentication can help your organization eliminate password vulnerabilities while providing simplified access across your entire enterprise.

That was the goal when longtime Microsoft collaborator Accenture decided to simplify their user experience by removing the requirement for password authentication.

Security year roundAt Microsoft Security, we believe security is about people.

Learn more about Microsoft passwordless authentication and how it can help your organization eliminate vulnerabilities whi…

We are honored to be recognized as a Leader in The Forrester Wave™: Infrastructure-as-a-Service Platform Native Security (IPNS), Q2 2023 report.

This includes capabilities for storage and data security, identity and access management (IAM), network security, and hardware and hypervisor security.

Network security capabilities and multicloud support are ahead of others evaluated as well.”Microsoft is committed to continual innovation and investment in cloud security.

These include:Microsoft Defender Cloud Security Posture Management is now generally available to help organizations get an end-to-end view of risks and prioritize remediation across their multicloud environments with contextual c…

Forrester recognizes Microsoft’s strong vision and significant investments in Infrastructure-as-a-Service Platform Native Security offerings.

The post Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report appeared first on Microsoft Security Blog.

In this blog post, Tanya talks about how to address ransomware attacks and the importance of security in development.

Everyone has their fancy backup drive still connected to their computer and the ransomware is like “Excellent.

Brooke: How can tech leaders limit the frequency and severity of a ransomware attack?

To learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

Tanya Janca, Founder and Chief Executive Officer of We Hack Purple, shares insights on application security and offers strategies to protect against data loss from ransomware attacks.

The post Why you should practice rollbacks to prevent data loss in a ransomware attack appeared first on Microsoft Security Blog.

For 13 years, a key pillar of the Chrome Security ecosystem has included encouraging security researchers to find security vulnerabilities in Chrome browser and report them to us, through the Chrome Vulnerability Rewards Program.

Your full chain exploit could result in a reward up to $180,000 (potentially more with other bonuses).

Over the years, the threat model of Chrome browser has evolved as features have matured and new features and new mitigations, such a MiraclePtr, have been introduced.

Given these evolutions, we’re always interested in explorations of new and novel approaches to fully exploit Chrome browser and we want to provide opportunities to better incentivize this type of res…

Security remediation is the process of responding to security events that have been triggered by a system or a user.

Automated Security Remediation using Chrome Browser Cloud Management and SplunkChrome integrates with Chrome Enterprise Recommended partners such as Splunk® using Chrome Enterprise Connectors to report security events such as malware transfer, unsafe site visits, password reuse.

PrerequisitesSetupConfigurationStart with a search for the Chrome Browser Cloud Management events in the Google Chrome Add-on for Splunk App.

As seen in the screenshot we have configured the Chrome Browser Cloud Management Remediation Alert Action App withThe OU Path of the Quarantine OU i.e.

In this …

It’s Google CTF time!

The competition kicks off on June 23 2023 6:00 PM UTC and runs through June 25 2023 6:00 PM UTC.

Google CTF gives you a chance to challenge your skillz, show off your hacktastic abilities, and learn some new tricks along the way.

The top 8 teams will qualify for our Hackceler8 competition taking place in Tokyo later this year.

In the competition, teams need to find clever ways to abuse the game features to capture flags as quickly as possible.

It’s Google CTF time!

Google CTF gives you a chance to challenge your skillz, show off your hacktastic abilities, and learn some new tricks along the way.

It consists of a set of computer security puzzles (or challenges) involving reverse-engineering, memory corruption, cryptography, web technologies, and more.

Google CTF gives you a chance to challenge your skillz, show off your hacktastic abilities, and learn some new tricks along the way.

The top 8 teams will qualify for our Hackceler8 competition taking place in Tokyo later this year.

Google Trust Services now offers our ACME API to all users with a Google Cloud account (referred to as “users” here), allowing them to automatically acquire and renew publicly-trusted TLS certificates for free.

ACME users experience fewer service outages caused by expired certificates by using ACME's automated certificate renewal capabilities.

Sites already using ACME can configure multiple ACME providers to increase resilience during CA outages or mass renewal events.

By further opening up the service, we're adding another tool to Google’s Cyber Security Advancements, keeping individuals, businesses, and governments safer online through highly trusted and free certificates.

We're also intr…

Introduced at Kubecon 2022 in October, GUAC targets a critical need in the software industry to understand the software supply chain.

The need for GUACHigh-profile incidents such as Solarwinds, and the recent 3CX supply chain double-exposure, are evidence that supply chain attacks are getting more sophisticated.

GUAC aggregates software security metadata and maps it to a standard vocabulary of concepts relevant to the software supply chain.

We hope that GUAC will help the wider software development community better evaluate the supply chain security posture of their organizations and projects.

The multiple formats for software supply chain metadata often refer to similar concepts, but with …

The Chrome Root Program, led by members of the Chrome Security team, provides governance and security review to determine the set of CAs trusted by default in Chrome.

The Chrome Root Program keeps users safe by ensuring the CAs Chrome trusts to validate domains are worthy of that trust.

Policy and GovernanceThe Chrome Root Program policy defines the minimum requirements a CA owner must meet for inclusion in the Chrome Root Store.

The Chrome Root Program is committed to openness and transparency, and we are optimistic we can achieve this shared vision.

If you’re interested in seeing what new initiatives are being explored by the Chrome Root Program to keep Chrome users safe - you can learn m…

This is why at Google and Android, security is a top priority, and we are constantly working to make our products more secure.

One way we do this is through our Vulnerability Reward Programs (VRP), which incentivize security researchers to find and report vulnerabilities in our operating system and devices.

We are pleased to announce that we are implementing a new quality rating system for security vulnerability reports to encourage more security research in higher impact areas of our products and ensure the security of our users.

This system will rate vulnerability reports as High, Medium, or Low quality based on the level of detail provided in the report.

If you would like more informatio…

Google’s Open Source Security Team recently sponsored a fuzzing competition as part of ISCE’s Search-Based and Fuzz Testing (SBFT) Workshop.

We hope the results of the SBFT fuzzing competition will lead to more efficient fuzzers and eventually newly discovered vulnerabilities.

Fuzzing research continuesThe innovation and improvement shown through the SBFT fuzzing competition is one example of why we have invested in the FuzzBench project.

The Google Open Source Security Team would like to thank the ISCE conference and the SBFT workshop for hosting the fuzzing competition.

Together, we continue to push the boundaries of software security and create a safer, more robust open source ecosystem.

Today, we are announcing Buzzer, a new eBPF Fuzzing framework that aims to help hardening the Linux Kernel.

While there are many solutions for fuzzing vulnerabilities in the Linux Kernel, they are not necessarily tailored to the unique features of eBPF.

That’s why our security team at Google decided to create a new fuzzer framework that aims to test the limits of the eBPF verifier through generating eBPF programs.

This could potentially cause unsafe behavior of an eBPF program and have security implications.

Our team plans to develop some new features, such as the ability to run eBPF programs across distributed VMs.

Android is built with multiple layers of security and privacy protections to help keep you, your devices, and your data safe.

Safe Browsing: faster more intelligent protectionAndroid uses Safe Browsing to protect billions of users from web-based threats, like deceptive phishing sites.

Our internal analysis has found that a significant number of phishing sites only exist for less than ten minutes to try and stay ahead of block-lists.

This is just one example of how we use our AI expertise to keep your data safe.

Android remains committed to protecting users by combining advanced security and AI with thoughtful privacy controls and transparency to protect billions of users around the world.

In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys.

Passkeys are a new, passwordless authentication method that offer a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock.

Data from March-April 2023 (n≈100M)Figure 2: time spent authenticating with passkey vs password (data from March-April 2023).

Dashed, vertical lines indicate average duration for each authentication method (n≈100M)We are excited to share this data following our launch of passkeys for Google Accounts.

Passkeys are faster, more secure, and more convenient than passwords and MFA, making them a desirabl…

Today, we are announcing the General Availability 1.0 version of rules_oci, an open-sourced Bazel plugin (“ruleset”) that makes it simpler and more secure to build container images with Bazel.

One way Google uses Bazel is to build widely used Distroless base images for Docker.

rules_oci vs rules_dockerHistorically, building container images was supported by rules_docker, which is now in maintenance mode.

Distroless images are now accompanied by SBOMs embedded in a signed attestation, which you can view with cosign and some jq magic:cosign download attestation gcr.io/distroless/base:latest-amd64 | jq -rcs '.

If you use rules_docker today, or are considering using Bazel to build your containe…

Starting today, you can create and use passkeys on your personal Google Account.

Unlike passwords, passkeys can only exist on your devices.

Creating a passkey on your Google Account makes it an option for sign-in.

This means that your Google Account is safe from data breaches across your other accounts, and vice versa.

You can store the passkeys for your Google Account on any compatible device or service.

However, they can also be misused for unwanted tracking of individuals.

Today Google and Apple jointly submitted a proposed industry specification to help combat the misuse of Bluetooth location-tracking devices for unwanted tracking.

“The National Network to End Domestic Violence has been advocating for universal standards to protect survivors – and all people – from the misuse of bluetooth tracking devices.

“These new standards will minimize opportunities for abuse of this technology and decrease burdens on survivors in detecting unwanted trackers.

Google will share more on how we’re combatting unwanted tracking at I/O 2023.