Cybersecurity
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
last post 1 hour ago
Cuckoo Spear: state-sponsored cyberattacks are becoming increasingly sophisticated

Critical infrastructure in the crosshairs: who is next?

1 hour ago @ securitylab.ru
10,000 times smaller and 100 times cheaper: a revolution in laser technology

What is hidden inside these miniature lasers?

1 hour ago @ securitylab.ru
The brain, pain and placebo: unexpected links in a new study

A system that controls pain without drugs has been found.

3 hours ago @ securitylab.ru
Stanford has created microlasers 10,000 times smaller than existing ones

Scientists have learned to make cheap and compact titanium-sapphire lasers.

3 hours ago @ securitylab.ru
Payback for cheating: the EvolvedAim cheat program harshly punished dishonest Tarkov players

Over a thousand online cheaters unexpectedly came to believe in karma.

15 hours ago @ securitylab.ru
Goodbye, OCSP: Let's Encrypt prepares the Internet for change

The coming revolution in web certificates will affect millions of users.

16 hours ago @ securitylab.ru
Revenge for speaking out: a member of the European Parliament was targeted with spyware

How an active stance provokes an adversary into violating human rights.

17 hours ago @ securitylab.ru
ISS astronauts can now watch 4K video

The technology uses a laser to transmit data from an aircraft to the space station.

17 hours ago @ securitylab.ru
Fortune 500 losses from the CrowdStrike outage estimated at $5.4 billion

Insurers will not be able to cover even a fifth of the damage.

18 hours ago @ securitylab.ru
PKfail: a 12-year-old UEFI vulnerability allows Secure Boot to be bypassed

A large-scale supply-chain problem affects 813 UEFI products.

18 hours ago @ securitylab.ru
Spytech's digital army: 10,000 devices under total control since 2013

The breach of a spyware maker exposed a large-scale spying campaign around the world.

18 hours ago @ securitylab.ru
From online casinos to nuclear facilities: 15 years of APT45 espionage

One of the oldest and most active groups has earned "gold status" in the cybercriminal world.

19 hours ago @ securitylab.ru
Busy Beaver: mathematicians have computed BB(5)

A quest four decades long is complete.

20 hours ago @ securitylab.ru
Checkmate for AI plagiarism: scientists have invented "copyright traps"

Authors will now be able to track the use of their works in AI training.

20 hours ago @ securitylab.ru
Hackers gutted MonoSwap: users are urged to withdraw their funds quickly

How a tempting offer from investors turned into a complete collapse for the platform.

21 hours ago @ securitylab.ru
Anti-Malware
last post 2 days, 18 hours ago
What modern device authentication is built on: a basic stack for protecting IoT from hackers

Fundamental principles of device authentication
Device authentication in IoT, corporate networks and cloud infrastructures rests on four principles: protection of access to authentication data (confidentiality).

This method delivers high encryption performance on modern desktop and mobile processors, as well as acceptable speed on microcontrollers and IoT devices.

Device authentication methods
Six main methods of device authentication can be distinguished: key-based, X.509 certificate-based, token-based, geolocation-based, mutual, and reputation-based verification.

The server presents its certificate to confirm its identity, and the client in turn can use…

2 days, 18 hours ago @ anti-malware.ru
Review of Start REQ, a system for managing information security requirements in software development

In Start REQ, analysts, developers and security experts work together during the planning, architecture and application design stages.

What requirements look like in Start REQ
The preinstalled database stores requirements from more than 150 sources.

Structure of information security requirements in Start REQ
Start REQ specialists translate complex descriptions of regulatory requirements and best practices into language that security and development teams understand.

Start REQ integration settings for Jira
The administrator configures the integration in the automated system's questionnaire, choosing a value from a drop-down list in each field.

For example, users from the administrators group in Active Directory will receive the same rights in S…

2 days, 22 hours ago @ anti-malware.ru
Review of Russian alternatives to Microsoft Active Directory

The global directory services market
According to Frost & Sullivan, about 90% of the thousand largest US companies use Microsoft Active Directory as their primary tool for user authentication and authorization.

The Russian directory services market
In 2022 the need for import-independent and reliable IT and security products, including alternatives to Microsoft Active Directory, became evident.

The product consists of two modules: «Служба каталогов» (Directory Service) and «Менеджер службы каталогов» (Directory Service Manager).

«Эллес» can operate in the same Active Directory domain as Windows Server domain controllers without requiring migration of directory objects.

When choosing an alternative to Microsoft Active Directory, it is important to conside…

4 days ago @ anti-malware.ru
Review of Continent («Континент») 4.1.9, a multifunctional firewall (NGFW / UTM)

Architecture of Continent 4.1.9 in UTM mode
This architecture provides reliable protection, convenience and flexibility of management.

Components of Continent 4.1.9
The Continent 4.1.9 NGFW includes a number of components that together provide a high degree of protection.

Continent 4.1.9 deployment scheme for intrusion detection
The function is supported by automatically updated databases of decision rules.

Small platforms
Model                                         IPC-R10     IPC-R50
Devices managed by the network control center (ЦУС)   up to 5     up to 10
UTM throughput, Mbit/s                        up to 630   up to 1000
Firewall throughput, Mbit/s                   up to 1800  up to 2700
VPN throughput, Mbit/s                        up to 250   up to 350
L2 IPS throughput, Mbit/s                     up to 150   up to 900

Table 2. Medium platforms
Mod…

5 days ago @ anti-malware.ru
BAD module and source monitoring 2.0: what has been added in MaxPatrol SIEM 8.2

This approach helps reduce the load on the MaxPatrol SIEM operator and improve the quality of the decisions experts make.

In addition, the BAD module can act as a second line of defense: a tool that performs streaming processing of incoming events in parallel with MaxPatrol SIEM and provides a "second opinion".

Tracking the state of event sources and the flow of data coming from them is one of the primary and continuous tasks of the team responsible for security monitoring.

With source monitoring 2.0, MaxPatrol SIEM allows flexible configuration of: source activity control, control of the event flow from a source, delay control, and control of the event flow in MaxPatrol SIEM deployment schemes with sev…

1 week ago @ anti-malware.ru
Review of JumpServer, a free PAM system from Fit2Cloud

JumpServer is an open-source privileged access management (PAM) system from the Chinese developer Fit2Cloud.

Today we will talk about JumpServer, an open-source PAM system from the Chinese developer Fit2Cloud.

Here and in the CIS countries the product is represented by the official distributor AFI Distribution.

The API can perform the same set of actions as the JumpServer web interface (access policy configuration, connection monitoring and auditing, sending alerts, generating reports, etc.).

Technical support for JumpServer Community Edition costs 1.5 million rubles per JumpServer instance per year (with no limit on the total number of users and…

1 week, 1 day ago @ anti-malware.ru
What is triage, or how to get the most out of a vulnerability report

How do you identify the problems that need attention first and avoid drowning in a stream of bug reports?

Without practice in resolving such situations, security staff may take actions that damage the company's reputation in the eyes of the expert community.

If a company has a fully staffed application security team with experience running bug bounty programs, triage can be done in-house.

That is why we try to reproduce the vulnerability and at the same time understand how it can be detected and at what stage the mistake occurred.

Triage with the help of Positive Technologies experts speeds up vulnerability verification and makes vulnerability management more effective overall.

1 week, 3 days ago @ anti-malware.ru
Professional development courses for security specialists: where to go and how to choose

It is important not only to know how to provide security technically, but also to understand how security affects business goals and operations.

Types of professional development courses
Course authors offer various training formats to meet the diverse needs of professionals who want to update their knowledge and skills.

These characteristics make online courses and certifications effective and attractive for professional development.

In-person programs and training
In-person programs and training play an important role in professional development.

It offers both basic and specialized security programs that can be useful for in-depth study of particular aspects of securi…

1 week, 4 days ago @ anti-malware.ru
Hardening strategies: how to strengthen protection by optimizing settings

Gradual introduction of changes and systematic observation help maintain system stability and respond promptly to emerging threats.

Properly conducted analysis and timely detection of vulnerabilities not only prevent possible incidents but also strengthen the security of the system as a whole.

Testing changes
Changes are first tested on a limited number of systems to assess their impact and identify possible problems.

Pentest (penetration testing): simulating cyberattacks on the network infrastructure reveals weak points and tests the systems' ability to withstand real threats.

Ultimately, the flexibility and adaptability of hardening strategies…

2 weeks ago @ anti-malware.ru
Backup and data recovery systems market review, 2024

The situation in the backup systems market
Demand for backup and data recovery systems continues to grow in the Russian and global markets.

Growth dynamics of the backup systems market (fragment of a Business Research Insight report)
Reasons for the growing demand for backup and data recovery systems: intensifying cyber threats (including politically motivated ones); an increase in ransomware infections; the continued likelihood of technical failures and breaches leading to data destruction; the development of cloud solutions.

Review of Russian backup and data recovery systems
It is believed that Russian solutions for backup…

2 weeks, 1 day ago @ anti-malware.ru
vGate has become Windows-independent and is preparing for a distributed NGFW

What is the role of Security Code («Код Безопасности») and its vGate product in this process?

As Fyodor Dbar noted, compatibility of new vGate versions with VMware will certainly remain.

vGate's goal is to configure the system so that traffic can be "understood" not only at the network level (L3 and L4) but also at the application level (L7).

Distributed NGFW services in the upcoming vGate 5.1
Put simply, vGate will place its own "little NGFW" in front of each virtual machine.

Use of the distributed NGFW in the upcoming vGate 5.1
Conclusions
Although only a minor version of vGate has been released, the new product already contains a new set of features that will later be extended with a "distributed NGFW".

2 weeks, 1 day ago @ anti-malware.ru
Review of Kaspersky MDR, a cyberattack detection service

How the Kaspersky MDR team handles an incident
An incident can be moved to the "closed" state either by the Kaspersky MDR team or by the customer.

The standard response time of the Kaspersky MDR team, defined by the service level agreement (SLA), depends on the incident's criticality level.

Kaspersky MDR system requirements
To work with Kaspersky MDR, all system requirements must be met.

Kaspersky MDR usage scenarios
Next, we consider the use of Kaspersky MDR in various situations.

Integrating Kaspersky MDR into an existing incident management system
Integration of Kaspersky MDR with the customer's own incident management sys…

2 weeks, 3 days ago @ anti-malware.ru
Lessons from LockBit: why Operation Cronos cannot be called a success

At the time, BlackCat and LockBit laughed at their competitor's failure.

On this wave, the two competitors, BlackCat and LockBit, decided to unite against a common sworn enemy: Western law enforcement.

The speaker's verbosity and self-justification confirmed that LockBit had taken a serious hit, and the owners of the affiliate program were clearly frightened at first.

LockBit retained some of its affiliates and began attacking furiously around the world, once again becoming the leader by number of attacks.

Operation Cronos cannot be considered a success: LockBit's activity has not stopped, and the victory reports of the FBI and others do not match reality.

2 weeks, 3 days ago @ anti-malware.ru
Review of Solar inRights 3.4, an IGA system for access management

What's new in Solar inRights
Since the previous review, Solar inRights has been improved in terms of core functionality as well as user experience, integration capabilities and security measures.

To simplify integration and optimize deployment, a universal connector has been developed, and a product connector and a template for connecting to the ALD Pro domain directory system have been implemented.

The on-screen report shows the full name and employment information: position, department and status.

User card with basic information
The left part of the card's workspace contains the photo, status, full name and aggregate risk level.

Оформлени…

2 weeks, 4 days ago @ anti-malware.ru
Review of InfoWatch Traffic Monitor 7.9, a next-generation Russian DLP system

The review covers the advanced technologies used in InfoWatch Traffic Monitor 7.9 and in the InfoWatch Vision, InfoWatch Activity Monitor, InfoWatch Data Discovery and InfoWatch Prediction modules, which are combined in the common interface of the investigation center.

Investigation card
During the investigation we used data from various InfoWatch data protection products and modules.

To solve this problem, InfoWatch Traffic Monitor uses the ActiveSync Adapter software module, which synchronizes mail between the Exchange server and the mobile device.

Keyword event search in InfoWatch Traffic Monitor
The search results show who and on which resources…

3 weeks, 2 days ago @ anti-malware.ru
Habr: Information Security
last post 20 hours ago
CrowdStrike Falcon analysis: overall system architecture, how the sensor interacts with Windows, and a description of the driver error

On July 19, 2024, many of us woke up to news that Windows was broken and everything was very bad.

In general terms, the Windows diagram looks like this:
From it you can see that drivers for physical components, the Windows kernel and the file system run in privileged mode.

To obtain WHQL, developers test the driver on the Windows HCK platform and submit the test logs to the Windows Quality Online Services web services.

The STEAMROOT variable contained $PWD, which the system ultimately interpreted as rm -rf "/"*.

And the point here is not Windows or Linux.

20 hours ago @ habr.com
A rough calculation. Or how I got upset when vendors are required to deliver quality applications

And it does not answer my main question: does the customer have the money to buy my application, whose quality I will prove through bug bounty?

Discoveries in small business
It so happens that my circle includes some system administrators who shared the security processes inside their companies.

Since we decided to act from the top, we need to understand how many such companies there are in Russia at all.

However, there are exceptions here too, for example the possibility of qualifying as a medium-sized business not by revenue but by headcount.

It is also mentioned that for medium-sized businesses this level of spending is about 13% of the annual IT budget.

21 hours ago @ habr.com
Browser Snapshot: an alternative approach to fighting malicious traffic

I will also give a link where you can view the snapshot of your own browser or of any other bot program: those interested can "play" at their leisure.

Common methods of combating malicious traffic include the following:
Analyzing the visit's fingerprint for correspondence to real existing devices.

An excellent method if payment with real money is used as the behavior.

There is a special checker for verifying the snapshot of the program accessing the site: https://killbot.ru/snpsht.html
If you follow the link, you will see a number: this is your browser's snapshot.

At the same time, the snapshot of a bot program that automates the actions of the Chrome browser will differ even though the bot may…

22 hours ago @ habr.com
How to break a sysadmin

So definitely go to him, he is the one in charge of computers here (the in-house 1C specialist does not count).

On planet Earth, in stuffy and air-conditioned offices, in factories and hospitals, on remote work and in the server room, angry and sometimes dim-witted users inflict pain differently: they drive system administrators to white heat with their actions, and without any diamond dust.

And also the cloud and cloud software cannot be broken, so you can do whatever you want: enter data with your left foot, delete tables, change existing settings.

Don't forget to track the time he spends on the premises and be late with payment, especially if he is self-employed.
Manager, remember and don't let yourself be fooled!

Of course, this is all dark IT humor …

23 hours ago @ habr.com
Resilience of Russian open-source large language models to cyberattacks

Open-source LLMs
A number of high-performance open-source generative models are appearing in the world, including in Russia, from large companies as well as individual researchers.

And very recently, just the other day, the improved Saiga 3 was released, created by the same developer as Saiga 2 and, as is not hard to guess, based on LLaMA 3 and Mistral.

In this regard, it is necessary to evaluate a model's resilience to various attacks, identify weak points, and apply specific defense methods.

Second, the system can be compromised by an attacker in order to carry out an attack and mislead the model.

When using applications such as AI assistants based on large language mod…

1 day, 15 hours ago @ habr.com
Reverse engineering PWN tasks, or exploiting binary vulnerabilities (Part 4 / Stack3)

The code also contains a pointer (local_14) to a function and a check (if) of whether local_14 is NULL.

We search through strings:
Click on the line with "code flow successfully changed" and look at the address of the "push ebp" instruction (P.S.

This is the start of the "win" function.

Let's look at our "payload", which we will feed to standard input (stdin): 64 bytes of "A" + the address of the "push ebp" instruction in LE.
Exploiting.

The pointer has been changed and we have landed in the "win" function (as the message "code flow successfully changed" indicates).
Thanks everyone for your attention!

1 day, 16 hours ago @ habr.com
"Catch me if you can", or how we set traps for hackers

Additional information on tactics and techniques for analyzing attacker behavior and further improving cybersecurity in the infrastructure.

Deploying Xello Deception and integrating it with other systems
Deploying Xello Deception is not a complicated process, but it requires a systematic approach.

To view detailed information about the decoys and the list of protocols on a host, select the host and click < (Figure 44).

We deployed Xello Deception in the infrastructure of the Digital Twin exhibited at PHD.

Xello Deception: scans on RealOS Traps
Conclusion
In conclusion, I want to say that the effort required to deploy Xello Deception is small, while the process of detecting attackers is significantly accelerated …

1 day, 20 hours ago @ habr.com
What are the similarities and differences between DLP and DAG technologies? Why doesn't one class of systems replace the other?

Thus, storing personal data and other confidential information on publicly accessible resources clearly violates the requirements of Federal Law 152-FZ and other regulations (98-FZ, 149-FZ, 230-FZ and others).

The objects monitored by DAG-class systems can be file servers and network storage, corporate and collaboration portals, email mailboxes and folders in cloud services.

In addition to the functions and tasks of DAG, DCAP systems automatically identify and fix problems with data storage and use, support behavioral analysis algorithms, and integrate with DLP and IdM/IAM solutions.

only after the fact, so DAG systems do not replace DLP, which prevents leaks at the moment of an attemp…

1 day, 20 hours ago @ habr.com
All the problems of A-U-T-H and weak passwords

Replacing the terms and the essence of the processes
"login": the information the user enters to gain access to the system; "permission": reflects the level of access.

The situation is aggravated by the fact that in English both words are often shortened to a simple.

While the new designations do simplify understanding at a basic level, they do not convey the full meaning and complexity of access control processes.

The problem is that not everyone understands the difference in the essence of the processes, not the terms themselves.

For example, the United Kingdom decided to prohibit companies that manufacture sm…

1 day, 22 hours ago @ habr.com
[Translation] Secrets in "corrupted" Winamp skins

First things first…
The first corrupted file I looked at contained nothing more than a PDF with an advertisement.

Someone was renting out a bowling-pin costume:
Another file was called bobs_car.wsz and, as stated, contained a photo of that very "Bob's car", I presume.

The letter was very touching, but he asked me not to share the skin publicly, so I will not post it.

Another skin contained a text file with hundreds of blank lines and then, at the very bottom, the text: YOU HAVE FOUND THE SUPRISE!!!

54 of them were not yet in the skin museum, so I uploaded them there.

2 days ago @ habr.com
Quality metrics for dynamic playbooks

When creating dynamic response plans, criteria must be formulated and taken into account that will confirm the quality of the developed sequence of actions for resolving a specific type of information security incident.

Based on the incident management area defined above, we can identify the following basic quality metrics for response plans.

This stage includes countering the attacker and performing the response actions relevant to the given object, limited to the identified attack technique.

Using an action ranking system
The ranking system involves using a statistical modeling method to build dynamic playb…

2 days ago @ habr.com
[Translation] Integrating REST and MQ message brokers through the OpenIG gateway

Why this is needed
Converting messages between the broker and REST simplifies receiving and sending messages without using the brokers' native protocols or client applications:
Possible use cases:
Asynchronous interaction between services.

Converting REST requests into broker messages loosens the coupling between services and improves performance and fault tolerance.
Log collection.

In this article we will configure the open-source OpenIG gateway to convert broker messages to REST and back.

Add a Kafka listener to the OpenIG heap array and create a route that will listen for Kafka messages and forward them to an HTTP endpoint (you can al…

2 days, 1 hour ago @ habr.com
Avira: protection against computer viruses and for the "smart home"

In the 1980s most information was transferred via floppy disks rather than over the network, but the first computer viruses already appeared then.

Avira's work was not limited to serving private users.

False alarm
Even popular antivirus versions are not immune to false alarms, and Avira was no exception.

The company stayed with its new owners only briefly: in December 2020 it was resold to NortonLifeLock, the former Symantec division that produces information security software.

On March 11, 2022, Avira antivirus programs stopped working in Russia due to sanctions by the European Union and Western countries.

2 days, 18 hours ago @ habr.com
Bug Bounty in Russia: how are things with white-hat Russian hackers?

My name is Pyotr Uvarov, and I head the Bug Bounty program at VK.

What is happening now with the Bug Bounty market in Russia?

Let's look at the statistics of Bug Bounty programs in Russia since the end of 2022.

By the way, unique merch is one of the features of our Bounty pass, but that is a story for another time.

The number of new companies will continue to grow, as will the number of bug hunters.

2 days, 21 hours ago @ habr.com
Twenty-four views of cybersecurity through the eyes of a business partner

The travel notes are arranged not chronologically but in a logically connected order.

But change was necessary given the total ineffectiveness of the mechanistic approach to security as a kind of physical guard service, only with computers instead of pepper spray.

The ISO 27001:2013 standard answered this question, albeit in its own peculiar way, and the widespread practice of its implementation made it possible to gauge how it worked in practice.

Around 2001 the first mentions of a new category of security specialists, the Business Information Security Officer, appeared abroad.

The institution of business partners should have a positive effect both on the level of protection of the product and processes and on TTM.

2 days, 23 hours ago @ habr.com
Хакер
last post 13 hours ago
French authorities are wiping PlugX from infected devices

French police and Europol announced that they are distributing a "disinfection solution" that automatically removes the PlugX malware from infected devices in France.

As a result, Sekoia experts developed a cleanup mechanism for infected devices that uses a custom PlugX plugin, installed on the infected devices, which instructs the malware to self-destruct.

Since removing PlugX from infected devices could have legal consequences, the researchers shared their solutions with law enforcement.

In connection with the 2024 Olympic Games, which start in Paris this week, the French authorities deemed unacceptable the risk posed by the 3,000 inf…

13 hours ago @ xakep.ru
Roskomnadzor and others comment on the YouTube slowdown

Roskomnadzor, for its part, commented that "disrespect for our country and its citizens is grounds for taking measures against YouTube".

The company again stated that responsibility for this "lies with Google (the owner of YouTube), which since 2022 has not expanded or updated the equipment in Russia that supports its Google Global Cache system", and that YouTube's problems arise because "due to wear and exhaustion of capacity, Google's equipment is unable to cope with the substantially increased internet traffic".

I have said it before and I will say it again: YouTube's future in Russia is in its own hands.

Roskomnadzor (RKN) also commented on the YouTube slowdown.

…

14 hours ago @ xakep.ru
Docker patches a five-year-old critical vulnerability allowing authorization bypass

Docker has released an update to fix a critical vulnerability in certain versions of Docker Engine.

The problem was originally found and fixed in Docker Engine 18.09.1, released back in January 2019.

However, for reasons unknown, that fix was not carried over to later versions, and the vulnerability resurfaced.

As a result, patches for all supported Docker Engine versions were released again this week.

It is also reported that the latest Docker Desktop (4.32.0) ships with a vulnerable build of Docker Engine, but the impact there is limited, since exploitation requires access to the Docker API and any privilege escalation is confined to the vir…

16 hours ago @ xakep.ru
Not-so-childish control: setting up Linux for a kid

Most home computers, as is well known, run Windows, and parental control on that system is a mixed bag.

The obvious conclusion: the younger generation should be raised on Linux, in the form of its most popular distribution, Ubuntu.

Since we have known this particular adversary literally since the cradle, that adds certain touches both to their behaviour and to the possible countermeasures.

And given that today's youth have hands tuned for chat apps and TikTok, this threat can be considered negligible.

Not because of the system's architectural features, but because they are needed for schoolwork.

19 hours ago @ xakep.ru
Google Chrome will warn about the dangers of password-protected archives

Chrome will warn users when they download potentially dangerous password-protected files and will provide more detailed information about downloads of potentially malicious files.

The developers say the new, more detailed warnings are meant to help users assess more quickly the level of danger posed by any file downloaded from the internet.

To this end, Google is introducing a two-tier warning system that uses malware data obtained from Safe Browsing and processed with AI.

If the user runs Chrome in Standard Protection mode, they will likewise be prompted to enter the password for the downloaded archive.

But in that case the file, …

19 hours ago @ xakep.ru
BI.ZONE: 85% of phishing messages are disguised as financial documents and letters from government agencies

Researchers calculated that 68% of attacks on companies in Russia and other CIS countries in 2023 began with phishing emails.

In the first half of 2024 this figure rose to 76%, and attackers most often disguise their emails as financial documentation (for example, invoices and payment documents).

Roughly 4% of phishing emails also arrive at companies in the guise of messages from various regulators.

For instance, the PDF file in an email from Bloody Wolf convincingly imitated an official notice demanding that certain violations be remedied.

The researchers recall that similar schemes were used by Scaly Wolf in attacks on Russian industrial and logistics companies, and by Mysterious Werewolf in attacks on …

21 hours ago @ xakep.ru
PKfail: Secure Boot can be considered compromised on a multitude of devices

Experts at Binarly, who discovered the PKfail problem, report that vulnerable devices use cryptographic test "master keys" for Secure Boot, also known as the Platform Key, generated by American Megatrends International (AMI).

"OEMs and device vendors often do not replace the Platform Key, which governs the Secure Boot databases and underpins the entire chain of trust from firmware to operating system.

However, back in 2022 someone published a Platform Key (its private part, in encrypted form) in a public GitHub repository.

"The first firmware vulnerable to PKfail was released in May 2012, and the latest in June 2024.

To combat PKfail, …
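A practical check suggested by the item above, added here as an example and not taken from Binarly's tooling: read the PK variable that the firmware exposes through efivarfs, walk its EFI_SIGNATURE_LIST entries, and report each X.509 certificate's SHA-256 (to compare against the vendor's published list) together with whether its DER bytes carry a test-key marker. The efivars path and the EFI_SIGNATURE_LIST layout follow the UEFI specification; the marker substrings and the embedded sample blobs are assumptions constructed for an offline run, not real certificates.

```python
"""Added example for the PKfail item: inspect the Secure Boot Platform Key.

Not Binarly's tooling.  On Linux the PK variable is exposed as
/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c: a 4-byte
attribute word followed by EFI_SIGNATURE_LIST structures (UEFI spec layout).
Assumptions: the marker substrings below identify vendor test keys, and the
embedded sample blobs are constructed stand-ins, not real certificates.
"""
import hashlib
import struct
import uuid
from pathlib import Path

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
PK_EFIVAR = Path("/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c")
UNTRUSTED_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")  # assumption: test-key subject text


def parse_signature_lists(data: bytes):
    """Return (signature_type, owner, payload) for every EFI_SIGNATURE_DATA entry
    in a buffer of concatenated EFI_SIGNATURE_LIST structures."""
    entries = []
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        end = off + list_size
        if list_size < 28 or end > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos = off + 28 + hdr_size          # skip the optional SignatureHeader
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])   # SignatureOwner
            entries.append((sig_type, owner, data[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries


def assess_pk(raw: bytes):
    """raw is the efivarfs file content.  Returns one finding per X.509 entry:
    SHA-256 of the DER blob (compare with the vendor advisory) and whether a
    test-key marker string appears inside it."""
    if len(raw) < 4:
        raise ValueError("efivar too short")
    findings = []
    for sig_type, owner, payload in parse_signature_lists(raw[4:]):
        if sig_type != EFI_CERT_X509_GUID:
            continue
        findings.append({
            "owner": str(owner),
            "sha256": hashlib.sha256(payload).hexdigest(),
            "untrusted": any(m in payload for m in UNTRUSTED_MARKERS),
        })
    return findings


def build_efivar(cert_der: bytes, owner: uuid.UUID) -> bytes:
    """Construct an efivarfs-style PK blob with a single X.509 entry (demo only)."""
    sig_size = 16 + len(cert_der)
    esl = (EFI_CERT_X509_GUID.bytes_le
           + struct.pack("<III", 28 + sig_size, 0, sig_size)
           + owner.bytes_le + cert_der)
    attrs = struct.pack("<I", 0x27)  # NV | BS | RT | TIME_BASED_AUTHENTICATED_WRITE
    return attrs + esl


SAMPLE_OWNER = uuid.UUID("12345678-1234-5678-1234-567812345678")  # arbitrary
# Constructed stand-ins for DER certificates: only the subject text matters here.
SAMPLE_TEST_CERT = b"\x30\x82\x01\x00CN=DO NOT TRUST - AMI Test PK" + bytes(32)
SAMPLE_VENDOR_CERT = b"\x30\x82\x01\x00CN=Example OEM Platform Key" + bytes(32)

if __name__ == "__main__":
    raw = PK_EFIVAR.read_bytes() if PK_EFIVAR.exists() else build_efivar(SAMPLE_TEST_CERT, SAMPLE_OWNER)
    for f in assess_pk(raw):
        print(f"owner={f['owner']} sha256={f['sha256']} untrusted={f['untrusted']}")
```

On a real machine the script needs read access to efivarfs (root on most distributions); when the variable is absent it falls back to the constructed sample. A hit on the marker is only a first signal: the authoritative check is the certificate hash against the list the vendor or Binarly publishes for the platform.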

23 hours ago @ xakep.ru
The Stargazers Ghost Network service distributes malware through 3,000 GitHub accounts

The researchers write that this is the first time such a well-organised and large-scale criminal scheme operating through GitHub has been discovered.

"The campaigns run by the Stargazers Ghost Network, and the malware distributed through this service, are extremely successful," the Check Point report says.

"In a short period of time thousands of victims installed software from seemingly legitimate repositories without suspecting any malicious intent."

In response, Stargazer Goblin updates the phishing repository belonging to the first type of account with a link to a new, active malicious release.

Check Point says it found a YouTube tutorial for unnamed software that linked to one of the GitHub repositories of Stargaze…

1 day, 14 hours ago @ xakep.ru
Khinshtein: by the end of next week YouTube loading speed may drop by as much as 70%

According to him, by the end of this week YouTube loading speed on desktops may drop by up to 40%, and by the end of next week by as much as 70%.

"By the end of this week YouTube loading speed on desktop computers may drop by up to 40%, and by the end of next week by as much as 70%.

This is due, however, not only to the actions of the authorities but also to the service's neglect of its core infrastructure, which it has long since stopped maintaining technically.

So YouTube's further fate in Russia depends solely on YouTube itself.

If the site's administration does not change its policy and start complying with our laws, nothing good awaits it here.

1 day, 15 hours ago @ xakep.ru
A North Korean hacker got hired at KnowBe4

A North Korean hacker posed as a software engineer, passed all pre-employment checks and landed a job at KnowBe4.

KnowBe4 says it all began when its security team spotted suspicious activity coming from the workstation of a recently hired software engineer.

KnowBe4 discovered what was going on on July 15, 2024, when its antivirus software raised an alert about anomalous activity on the new employee's machine.

Since the insider tried to deploy an infostealer aimed at browser-stored data on the machine, it is assumed he hoped to extract information left on the system by its previous owner.

Before hiring the insider, KnowBe…

1 day, 16 hours ago @ xakep.ru
Puzzle solving: writing your own JavaScript deobfuscator

In this article I will show how to defeat JavaScript obfuscation on your own in the cases where even non-standard deobfuscators do not help.

We will look at a method for examining tangled code and write our own deobfuscator.

It is about three megabytes in size, roughly three quarters of which is heavily obfuscated code that begins as shown in the following screenshot.

However, an attempt to deobfuscate it with a standard online deobfuscator, with any settings, gives no positive result: readable code simply never appears in the right-hand pane.

Such code can be deobfuscated automatically by the project we…
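The article's own deobfuscator is not reproduced above. As an added example (not the author's tool and not tied to the three-megabyte sample), the following Python pass implements the first layer such a tool usually has to strip: a string-array table, where every literal is moved into one array and the code refers to it by index, after which the bracket member accesses can be folded back into dotted form. The sample input is constructed; the `_0x4f2a` name is a placeholder in the obfuscators' usual style, and the regexes assume a flat table of string literals with integer indices.

```python
"""Added example: unpack a string-array obfuscation layer in JavaScript.

Not the article's deobfuscator.  Handles the common pattern

    var _0xabc = ['a', 'b', ...];        // string table
    ... _0xabc[3] ... _0xabc[0x1f] ...   // indexed references
    obj["prop"]  ->  obj.prop            // folded after substitution

Assumes the table is a flat array of string literals referenced with decimal
or hex integer indices; anything else is left untouched.
"""
import json
import re

STRING_LIT = r"'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\""
TABLE_RE = re.compile(
    r"var\s+(_0x[0-9a-f]+)\s*=\s*\[\s*"
    r"((?:" + STRING_LIT + r")\s*(?:,\s*(?:" + STRING_LIT + r")\s*)*)\]\s*;",
    re.IGNORECASE,
)
LIT_RE = re.compile(STRING_LIT)
INDEX_RE = r"\[(0x[0-9a-f]+|\d+)\]"


def js_unescape(lit: str) -> str:
    """Decode a JS string literal (quotes included).  \\xNN is rewritten to
    \\u00NN and the quoting normalised so json.loads can finish the job."""
    body = lit[1:-1]
    body = re.sub(r"\\x([0-9a-fA-F]{2})", r"\\u00\1", body)
    body = body.replace("\\'", "'")
    if lit[0] == "'":
        body = body.replace('\\"', '"').replace('"', '\\"')
    return json.loads('"' + body + '"')


def find_string_tables(src: str) -> dict:
    """Return {table_name: [decoded strings]} for every string-array declaration."""
    return {
        m.group(1): [js_unescape(lit) for lit in LIT_RE.findall(m.group(2))]
        for m in TABLE_RE.finditer(src)
    }


def inline_table_refs(src: str, tables: dict) -> str:
    """Replace name[index] with the literal it resolves to, then drop the table."""
    for name, values in tables.items():
        ref = re.compile(re.escape(name) + INDEX_RE, re.IGNORECASE)

        def sub(m, values=values):
            text = m.group(1)
            idx = int(text, 16) if text.lower().startswith("0x") else int(text)
            # Out-of-range index: leave the reference alone rather than guess.
            return json.dumps(values[idx]) if idx < len(values) else m.group(0)

        src = ref.sub(sub, src)
    return TABLE_RE.sub("", src)


def simplify_member_access(src: str) -> str:
    """obj["prop"] -> obj.prop when prop is a valid identifier."""
    return re.sub(r'\["([A-Za-z_$][\w$]*)"\]', r".\1", src)


def deobfuscate(src: str) -> str:
    return simplify_member_access(inline_table_refs(src, find_string_tables(src)))


# Constructed sample in the style of a string-array obfuscator.
SAMPLE = (
    "var _0x4f2a=['log','\\x48\\x65\\x6c\\x6c\\x6f','fromCharCode','String'];"
    "window[_0x4f2a[0x3]][_0x4f2a[2]](0x41);console[_0x4f2a[0]](_0x4f2a[1]);"
)

if __name__ == "__main__":
    print(deobfuscate(SAMPLE))
```

Real samples add a rotation function that shuffles the table before use and a decoder wrapper around every lookup; those are the next passes to write, and for anything beyond regex reach the work moves to an AST (Babel or a Python JS parser). The point of a hand-written pass is that each layer is removed deliberately, with the result inspected before the next one is attacked.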

1 day, 19 hours ago @ xakep.ru
CrowdStrike sent affected partners $10 Uber Eats gift cards

CrowdStrike, whose fault it was that millions of Windows computers went down last week, offered its partners a $10 Uber Eats gift card by way of apology.

Recall that at the end of last week an update to the enterprise product CrowdStrike Falcon Sensor left millions of Windows systems showing the "blue screen of death" (BSOD).

As TechCrunch reported yesterday, CrowdStrike decided to show support for everyone who had to work overtime because of the incident.

Several sources told journalists that they received an email from CrowdStrike offering them an Uber Eats food-delivery gift card "for the additional wo…

1 day, 21 hours ago @ xakep.ru
ESET: Hamster Kombat players are being targeted by Android and Windows malware

ESET experts warned that attackers are exploiting the popularity of the game Hamster Kombat by spreading fake Android and Windows applications among players, which lead to the installation of spyware and infostealers.

"The popularity of Hamster Kombat makes it ripe for abuse, so it is very likely that the game will attract even more attackers in the future," the ESET researchers say.

Moreover, even though Hamster Kombat is a mobile game, the Lumma infostealer was found targeting Windows users under the guise of Hamster Kombat bots.

"We found three different versions of lures carrying the Lumma stealer in repositories: applications…

1 day, 23 hours ago @ xakep.ru
Rostelecom: users are complaining about YouTube performance

Rostelecom representatives told the media that they are recording a deterioration in YouTube video loading quality, especially in high-resolution formats, along with a rise in user complaints about the service's performance.

"As reported earlier, Rostelecom's technical monitoring service has begun recording a deterioration in YouTube video loading quality, especially in high-resolution formats (HD, 4K).

An increase in requests to the company's technical support service with complaints about the 'quality of YouTube's operation' has also been noted," the company's press service says.

Rostelecom recalled that it had warned "of the likelihood of technical problems with YouTube video loading speed in the near future" back on 1…

2 days, 13 hours ago @ xakep.ru
The full BreachForums database has leaked online

The complete database of the first incarnation of the BreachForums hacker forum has been published online.

Recall that in spring 2023 law enforcement shut down BreachForums for the first time, and soon afterwards the site's 20-year-old administrator and creator, Pompompurin, was arrested.

Shortly after the DC Health Link data was published, in March 2023 the FBI arrested the forum's owner, Conor Brian Fitzpatrick (Pompompurin), and BreachForums closed.

Fitzpatrick is believed to have compiled and sold the database that has now ended up in the open back in July of last year, after he was released on bail.

At the time, the database reached the specialists of the breach aggregator Have I Been Pwned (HIBP) and was added to its index, but the dump leak… into open access

2 days, 16 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 2 hours ago
French Authorities Launch Operation to Remove PlugX Malware from Infected Systems

French judicial authorities, in collaboration with Europol, have launched a so-called "disinfection operation" to rid compromised hosts of a known malware called PlugX.

The Paris Prosecutor's Office, Parquet de Paris, said the initiative was launched on July 18 and that it's expected to continue for "several months."

It also noted that nearly 100,000 unique public IP addresses have been sending PlugX requests daily to the seized domain.

"Secondly, and perhaps more noteworthy, the PlugX worm can reside on infected USB devices for an extended period without being connected to a workstation."

"Following a report from Sekoia.io, a disinfection operation was launched by the French judicial autho…

2 hours ago @ thehackernews.com
Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims.

The package, named "lr-utils-lib," attracted a total of 59 downloads before it was taken down.

"The malware uses a list of predefined hashes to target specific macOS machines and attempts to harvest Google Cloud authentication data," Checkmarx researcher Yehuda Gelb said in a Friday report.

If the compromised machine is among those specified in the predefined set, it attempts to access two files, namely application_default_credentials.json and credentials.db, locat…

2 hours ago @ thehackernews.com
This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level.

The phishing kit is priced anywhere between $150 and $900 a month, whereas the bundle including the phishing kit and Android malware is available on a subscription basis for about $500 per month.

As many as 288 phishing domains linked to the activity have been identified to date.

These calls typically masquerade as originating from a bank, instructing them to provide their two-factor authentication (2FA) codes, install malicious apps, or perform other arbitrary actions.

Phishing kits, which also come …

19 hours ago @ thehackernews.com
Offensive AI: The Sine Qua Non of Cybersecurity

Enter Offensive AI, the most dangerous cyber weapon to date.

While developing more sophisticated offensive AI tools and techniques is far from morally commendable, it continues to emerge as an inescapable necessity.

The unfortunate reality is that bad actors are already leveraging offensive AI to innovate and deploy new threats.

Because of this, the future of cybersecurity lies in the further development of offensive AI.

This workshop will be a great introduction to my new course, SEC535: Offensive AI - Attack Tools and Techniques, to be released at the beginning of 2025.

21 hours ago @ thehackernews.com
U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals

The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world.

Targets of the campaign include two U.S. Air Force bases, NASA-OIG, as well as South Korean and Taiwanese defense contractors and a Chinese energy company.

Other recent targets of interest encompass South Korean educational institutions, construction companies, and manufacturing organizations.

"They use Windows command line, PowerShell, Windows Ma…

23 hours ago @ thehackernews.com
Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining.

Selenium Grid, part of the Selenium automated testing framework, enables parallel execution of tests across multiple workloads, different browsers, and various browser versions.

However, it involves the threat actor targeting publicly exposed instances of Selenium Grid and making use of the WebDriver API to run Python code responsible for downloading and running an XMRig miner.

It starts with the adversary sending a request to the vulnerable Selenium Grid hub with an aim to execute a Python program containing a Base64-encoded …

1 day, 2 hours ago @ thehackernews.com
CrowdStrike Warns of New Phishing Scam Targeting German Customers

CrowdStrike is alerting about an unfamiliar threat actor attempting to capitalize on the Falcon Sensor update fiasco to distribute dubious installers targeting German customers as part of a highly targeted campaign.

"The installer contains CrowdStrike branding, German localization, and a password [is] required to continue installing the malware."

Furthermore, the presence of the German language suggests that the activity is geared towards German-speaking CrowdStrike customers.

The development comes amid a wave of phishing attacks taking advantage of the CrowdStrike update issue to propagate stealer malware. A phishing domain crowdstrike-office365[.…

"Firstly, on July 16 at around 22:00 there…

1 day, 2 hours ago @ thehackernews.com
Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk

Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution.

The vulnerability, tracked as CVE-2024-6327 (CVSS score: 9.9), impacts Report Server version 2024 Q2 (10.1.24.514) and earlier.

"In Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability," the company said in an advisory.

As temporary mitigation, it's recommended to change the user for the Report Server Application Pool to one with limited permission.

Administrators can check if their servers are vulnerable …

1 day, 4 hours ago @ thehackernews.com
North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country.

"APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out espionage campaigns as early as 2009," researchers Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, and Michael Barnhart said.

APT45 is notably linked to the deployment of ransomware families tracked as SHATTEREDGLASS and Maui targeting entities in South Korea, Japan, and the U.S. in 2021 and 2022.

"It is possible that APT45 is carrying o…

1 day, 18 hours ago @ thehackernews.com
6 Types of Applications Security Testing You Must Know About

While the specifics for security testing vary for applications, web applications, and APIs, a holistic and proactive applications security strategy is essential for all three types.

These include:

Penetration testing for the SDLC
Dynamic Application Security Testing (DAST)
Static Application Security Testing (SAST)
Interactive Application Security Testing (IAST)
Fuzz Testing for APIs
Application Security Posture Management (APSM)

Application Security Testing Methods vs. Pentesting

Before we review the six main types of application security testing, organizations often want to understand the difference between these methods and penetration testing.

Dynamic Application Security Testing (DAST)

Dyn…

1 day, 20 hours ago @ thehackernews.com
Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams

Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams.

"They targeted primarily adult men in the U.S. and used fake accounts to mask their identities."

In cases where some of these accounts attempted to target minors, Meta said it reported them to the National Center for Missing and Exploited Children (NCMEC).

"Financial sextortion is a horrific crime that can have devastating consequences," Meta said.

…]su, a DDoS-for-hire (aka booter) service linked to "tens of thousands of attacks every week" globally.

1 day, 22 hours ago @ thehackernews.com
Webinar: Securing the Modern Workspace: What Enterprises MUST Know about Enterprise Browser Security

Shadow SaaS : Employees using SaaS applications that weren't vetted by IT due to personal convenience or frustration with operational processes.

The main advantages of a browser security solution include: most of the user's work happens within the browser.

Browser Security Flavors

There are three main types of browser security solutions:

Browser extensions - These are security overlays 'on-top' of any existing browser.

Remote browser isolation (RBI) - The traditional browser security approach.

1 day, 22 hours ago @ thehackernews.com
Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner.

The problem discovered by Tenable has to do with the fact that a Cloud Build service account is created in the background and linked to a Cloud Build instance by default when a Cloud Function is created or updated.

This permission could then be abused to access other Google Cloud services that are also created in tandem with the Cloud Function, including Cloud Storage, Artifact Registry, and Container Registry.

In a hypothetical attack scenario, ConfusedFun…

1 day, 23 hours ago @ thehackernews.com
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances.

Docker said the issue is a regression in that the issue was originally discovered in 2018 and addressed in Docker Engine v18.09.1 in January 2019, but never got carried over to subsequent versions (19.03 and later).

"Users of Docker commercial products and internal infrastructure who do not rely on AuthZ plugins are unaffected."

"Default Docker Desktop configuration does not include AuthZ plugins," Georgieva noted.

"Privilege escalation is limited to the Docker Desktop [virtual machine], not the underlying host."

2 days, 2 hours ago @ thehackernews.com
CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition.

"A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory.

The flaws have been addressed in BIND 9 versions 9.18.28, 9.20.0, and 9.18.28-S1 released earlier this month.

There is no evidence that any of the shortcomings have been exploited in the wild.

The disclosure comes months after the ISC addressed …

2 days, 2 hours ago @ thehackernews.com
threatpost
last post: none
DarkReading
last post 8 months ago
Cyber Threats to Watch Out for in 2024

8 months ago @ darkreading.com
CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines

8 months ago @ darkreading.com
Ardent Health Hospitals Disrupted After Ransomware Attack

8 months ago @ darkreading.com
General Electric, DARPA Hack Claims Raise National Security Concerns

8 months ago @ darkreading.com
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

8 months ago @ darkreading.com
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity

8 months ago @ darkreading.com
Balancing Simplicity and Security in the Digital Experience

8 months ago @ darkreading.com
Hack The Box Launches 5th Annual University CTF Competition

8 months, 1 week ago @ darkreading.com
Fake Browser Updates Targeting Mac Systems With Infostealer

8 months, 1 week ago @ darkreading.com
Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market

8 months, 1 week ago @ darkreading.com
Generative AI Takes on SIEM

8 months, 1 week ago @ darkreading.com
Web Shells Gain Sophistication for Stealth, Persistence

8 months, 1 week ago @ darkreading.com
Qatar Cyber Agency Runs National Cyber Drills

8 months, 1 week ago @ darkreading.com
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs

8 months, 1 week ago @ darkreading.com
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions

8 months, 1 week ago @ darkreading.com
WeLiveSecurity
last post 3 days, 19 hours ago
Building cyber-resilience: Lessons learned from the CrowdStrike incident

For most critical infrastructure and large organizations, their tried-and-tested cyber-resilience plan undoubtedly will have been kicked into action.

Importance of cyber-resilience plans

A detailed and encompassing cyber-resilience plan can help get your business back up and running quickly.

That said, it’s important that ALL businesses adopt a cyber-resilience plan, and on occasion test the plan to ensure it performs as expected.

The plan can even be tested alongside direct business partners, but testing on the scale of the ‘CrowdStrike Friday’ incident is likely to be impractical.

Old tech is not the answer, and it’s not a viable cyber-resilience plan – it’s a disaster waiting to happen.

3 days, 19 hours ago @ welivesecurity.com
The tap-estry of threats targeting Hamster Kombat players

Nevertheless, the game is undoubtedly popular: the official Hamster Kombat account on X has more than 10 million followers, and the Hamster Kombat Announcement channel has more than 50 million subscribers as of the publication of this blogpost.

Agent.CW Windows malware targeting Hamster Kombat players.

812799738C18ACB88D5C9987CBFBB678C35142D8 HAMSTER KOMBAT BALANCE HACK.exe Win32/Kryptik.HXDV Windows malware targeting Hamster Kombat players.

N/A Windows malware targeting Hamster Kombat players C&C server.

3 days, 23 hours ago @ welivesecurity.com
Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android

Using the exploit to abuse a vulnerability that we named EvilVideo, attackers could share malicious Android payloads via Telegram channels, groups, and chat, and make them appear as multimedia files.

EvilVideo allows attackers to send malicious payloads that appear as video files in unpatched Telegram for Android.

The exploit only works on Android Telegram versions 10.14.4 and older.

The vulnerability affected all versions of Telegram for Android up to 10.14.4, but has been patched as of version 10.14.5.

Telegram version 10.14.5 chat correctly displaying the nature of a shared binary file

Conclusion

We discovered a zero-day Telegram for Android exploit for sale on an underground forum.

4 days, 23 hours ago @ welivesecurity.com
How adware exposed victims to kernel-level threats – Week in Security with Tony Anscombe

A purported ad blocker marketed as a security solution hides kernel-level malware that inadvertently exposes victims to even more dangerous threats

This week, ESET researchers have released their findings about HotPage, a browser injector that leverages a driver developed by a Chinese company and signed by Microsoft.

The malware masquerades as an “Internet café security solution” with ad-blocking capabilities.

In reality, however, it displays game-related ads and can modify or replace the contents of a requested page, redirect the user to another page, or open a new page in a new tab based on certain conditions.

What’s more, it also inadvertently leaves the door open for other threats to run…

6 days ago @ welivesecurity.com
Beyond the blue screen of death: Why software updates matter

The widespread IT outages triggered by a faulty CrowdStrike update have put software updates in the spotlight.

In the realm of computing, few things are as unsettling as encountering a blue screen of death (BSOD) on your Windows system.

Indeed, understanding the importance of software updates and acting accordingly is crucial for your defenses against ever-evolving threats.

No software is perfect, and it is often found to contain errors, including software vulnerabilities that could be exploited by hackers.

And next time you’re tempted to ignore or hold off on installing software updates, remember why they are so essential in the first place.

1 week ago @ welivesecurity.com
The complexities of cybersecurity update processes

There may also be third parties, such as an operating system vendor, in this mix that test independently of the cybersecurity vendor, attempting to avert any major outage, as we are seeing today.

In a perfect world, a cybersecurity team would take the update and test it in their own environment, ensuring no incompatibility.

Once certain the update causes no issue, a scheduled rollout of the update would begin, maybe one department at a time.

If the update process fails it can be catastrophic, as is being played out today with a software update from CrowdStrike, with blue screens of death and entire infrastructures down.

Firstly, all cybersecurity vendors are likely to be reviewing their upda…

1 week ago @ welivesecurity.com
HotPage: Story of a signed, vulnerable, ad-injecting driver

Without going into the details of the network protocol, the remote server should serve an update of the newtalbe configuration.

The command line is replaced with the process’s executable file path concatenated with the URL in the hotPage configuration.

We came up with two scenarios that would allow a user with the HotPage driver running on their system to run code as the NT AUTHORITY\System account.

The HotPage driver reminds us that abusing Extended Verification certificates is still a thing.

Files

SHA-1: 0D1D298A3EBCA4ECE0BA52828DD3B7676D884E7F, Filename: N/A, Detection: Win64/HotPage.B, Description: HotPage driver.

1 week, 1 day ago @ welivesecurity.com
Small but mighty: Top 5 pocket-sized gadgets to boost your ethical hacking skills

Raspberry Pi 5

Thanks especially to its versatility, power and vibrant community-driven ecosystem, the Raspberry Pi has become a favored tool among security professionals, students, and enthusiasts alike.

Primarily an affordable single-board computer, Raspberry Pi can also be loaded with various penetration testing tools and serve multiple roles.

Raspberry Pi 5 (source: Raspberry Pi)

The Raspberry Pi supports a variety of operating systems tailored to different purposes and user preferences.

Its official operating system, Raspberry Pi OS (formerly Raspbian), is based on Debian Linux and is optimized for the ARM architecture.

Indeed, its capabilities extend beyond typical Bluetooth adapters…

1 week, 3 days ago @ welivesecurity.com
Hello, is it me you’re looking for? How scammers get your phone number

Your humble phone number is more valuable than you may think.

Naturally, he was baffled since he didn’t remember providing his phone number to the app.

Still, the question on your lips may be: how can scammers obtain other people’s phone numbers?

For online purchases, consider using a pre-paid SIM card or a VoIP service instead of your regular phone number.

1 week, 4 days ago @ welivesecurity.com
Should ransomware payments be banned? – Week in security with Tony Anscombe

The issue of whether to ban ransomware payments is a hotly debated topic in cybersecurity and policy circles.

What are the implications of outlawing these payments, and would the ban be effective?

Back in May, we weighed in on the UK's apparent plan to make it illegal for critical infrastructure entities to pay ransomware attackers.

As Security Intelligence now reports, Jen Easterly, Director of the United States' Cybersecurity and Infrastructure Security Agency (CISA), has this to say about the subject: "I think within our system in the U.S. — just from a practical perspective — I don’t see it happening."

Now, as opinions seem to vary, what are the wider implications of an apparent lack of…

2 weeks ago @ welivesecurity.com
Understanding IoT security risks and how to mitigate them | Cybersecurity podcast

As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds?

Imagine all traffic lights in a city turning green simultaneously, much like in Die Hard 4.

While the Internet of Things (IoT) and its integration into critical infrastructure allow for improved efficiency and remote management, they also introduce new cybersecurity risks.

This might ultimately lead to scenarios that wouldn’t be too dissimilar from the traffic light scene in the movie.

Join the host of the Unlocked 403 cybersecurity podcast Alžbeta Kovaľová as she talks with ESET Senior Research Fellow Righard Zwienenberg about the complexities of …

2 weeks, 2 days ago @ welivesecurity.com
5 common Ticketmaster scams: How fraudsters steal the show

Take some time to familiarize yourself with the following top five Ticketmaster scams and how to shake scammers off when hunting for tickets.

Top 5 Ticketmaster scams to look out for

You might encounter variations on any of the below.

Lookalike websites

These are spoofed to appear as if they were the legitimate Ticketmaster site or an official partner/trusted seller, complete with official logo and branding.

Bogus tickets

What happens when the show you desperately want to see has sold out on the official Ticketmaster site?

Once they gain access to your Ticketmaster account, scammers could buy tickets in your name and/or send purchased tickets to themselves.

2 weeks, 3 days ago @ welivesecurity.com
Social media and teen mental health – Week in security with Tony Anscombe

Social media sites are designed to make their users come back for more.

Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?

Social media platforms have become a near-constant presence in our daily lives.

However, the rise of social media has also raised concerns about its impact on mental health, particularly among the young.

New York State, for example, has just passed laws designed to protect children and teens from the dangers of the online world, including a law on "addictive" social media feeds, the BBC reports.

3 weeks, 1 day ago @ welivesecurity.com
No room for error: Don’t get stung by these common Booking.com scams

With vacation season in full swing, let’s review some of the most common scams exploiting Booking.com and what to look out for when using this platform.

12 tips for avoiding Booking.com and other travel scams

These tips will go a long way towards helping you stay safe while using Booking.com.

Booking.com never asks for information like your full credit card details, social security number, or passwords via email or chat.

Make payments through the official Booking.com platform.

Check reviews and ratings of the accommodation on Booking.com and look for reviews that are authentic and detailed.

3 weeks, 2 days ago @ welivesecurity.com
AI in the workplace: The good, the bad, and the algorithmic

While AI systems can minimize errors associated with fatigue and distraction, they are not infallible.

In other words, AI systems are only as good as the data they are trained on (which requires human expertise and oversight).

So while AI may lack context and understanding of its input data, humans lack an understanding of how their AI systems work.

For example, AI tools used in hiring processes may not consider the broader implications of rejecting candidates based on algorithmic biases, and the further consequences this could have on workplace diversity and inclusion.

Consider generative AI used to write blogs, emails, and social media captions: repetitive sentence structures can make cop…

3 weeks, 3 days ago @ welivesecurity.com
Naked Security
last post None
Help Net Security
last post 15 hours ago
Ledger Flex: Secure self-custody with E Ink touchscreen display

Ledger today launched Ledger Flex, featuring secure E Ink touchscreen displays powered by Ledger’s Secure OS.

“By launching both Ledger Flex and Ledger Stax this year, we’re redefining the experience of self-custody.

This begins with a new app for Ledger Stax and Ledger Flex: Ledger Security Key, providing 2FA and Passkey capabilities.

Tap your Ledger Flex or Ledger Stax to your phone to login to supported services, or connect via USB to your laptop or PC.

Ledger Stax and Ledger Flex are the secure touchscreens to go with the insecure touchscreen in your pocket.”

Ledger Flex is partnered by Ledger Live, the leading omni-chain companion app, which enables users to connect seamlessly with thei…

15 hours ago @ helpnetsecurity.com
Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)

Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible.

About CVE-2024-6327 (and CVE-2024-6096)

Telerik Report Server is an enterprise solution for storing, creating, managing and viewing reports in web and desktop applications.

Customers have been advised to upgrade to Telerik Reporting 2024 Q2 (v18.1.24.709), as it’s the only way to remove CVE-2024-6096, and to upgrade to Telerik Report Server 2024 Q2 (10.1.24.709) or later to fix CVE-2024-6327.

If the latter action is not possible, Progress Software notes that users “can temporarily mitigate this issue by changing the user for the Report…

1 day, 1 hour ago @ helpnetsecurity.com
16% of organizations experience disruptions due to insufficient AI maturity

While sysadmins recognize AI’s potential, significant gaps in education, cautious organizational adoption, and insufficient AI maturity hinder widespread implementation, leading to mixed results and disruptions in 16% of organizations, according to Action1.

Down from 73% last year, 60% of sysadmins acknowledge a lack of understanding of leveraging AI practically, indicating a persistent gap in AI literacy.

“Our findings indicate that, despite some trial and error in AI implementation among sysadmins, organizations generally approach AI cautiously.

80% of organizations do not require sysadmins to implement AI in their job roles, slightly down from 82% reported last year.

The report’s finding…

1 day, 3 hours ago @ helpnetsecurity.com
AI-generated deepfake attacks force companies to reassess cybersecurity

As AI-generated deepfake attacks and identity fraud become more prevalent, companies are developing response plans to address these threats, according to GetApp.

In fact, 73% of US respondents report that their organization has developed a deepfake response plan.

Companies are developing deepfake response plans

Also, much like phishing attack preparation, it appears that companies are looking to run simulations of attacks to increase preparedness, as a majority of respondents work in companies where this is already implemented.

Awareness and practice of encountering deepfake attacks are both important for getting the workforce prepared to deal with these evolving threats.

60% of global IT and…

1 day, 3 hours ago @ helpnetsecurity.com
Most CISOs feel unprepared for new compliance regulations

With compliance regulations, and the cost of a breach growing year on year, executives realize the importance of saving a cybersecurity seat at the table.

67% of CISOs report feeling unprepared for these new compliance regulations, while 52% admit to needing more knowledge on reporting cyber attacks to the government.

“As cyber threats escalate and regulations impose heavy penalties for non-compliance, it’s imperative for CISOs to reassess and strengthen their security programs in a data-driven way.

As regulations evolve, many organizations feel that they don’t have adequate guidance, or that certain terms are difficult to understand.

“Our industry is going through an evolution phase,” said…

1 day, 4 hours ago @ helpnetsecurity.com
New infosec products of the week: July 26, 2024

Here’s a look at the most interesting products from the past week, featuring releases from GitGuardian, LOKKER, Permit.io, Secure Code Warrior, and Strata Identity.

SCW Trust Agent measures developers’ security competencies for code commits

SCW Trust Agent delivers control and flexibility for developer gatekeeping.

Strata Identity Continuity prevents mission-critical applications from going offline

Strata Identity announced Identity Continuity, an addition to its Maverics Identity Orchestration platform.

LOKKER introduces web privacy risk summary for insurers

LOKKER released a new privacy solution for insurers: the ability to share on-demand web privacy risk reports with their insureds.

By del…

1 day, 5 hours ago @ helpnetsecurity.com
Chainguard raises $140 million to strengthen open source software security

The company has more than doubled its employee base over the past year to support this demand and bring its Chainguard Images product to as many customers as possible.

Now valued at $1.12 billion, the company is making investments to expand its Chainguard Images product offering to safeguard emerging technologies like AI workloads.

“We’ve shown our customers and the industry there is a better way to align developer and security priorities when it comes to adopting open source software securely.

“Chainguard has reimagined software delivery and consumption and is the safe source for open source software,” said Sai Senthilkumar, Partner at Redpoint Ventures.

“Chainguard Images have extremely s…

1 day, 19 hours ago @ helpnetsecurity.com
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)

A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via a specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation.

It also impacts (in a limited manner) users of Docker Desktop versions up to v4.32.0, as they also include affected versions of Docker Engine.

Finally, the exploitation risk and potential is lesser because the default Docker Desktop configuration does not include AuthZ plugins, and privilege escalation is limited to the Docker Desktop VM.

Users of Docker Desktop must wait for a version with the fix (v4.33) to be released.

“Ensure AuthZ plugins ar…

1 day, 20 hours ago @ helpnetsecurity.com
Learning from CrowdStrike’s quality assurance failures

Template Types – instructions on how to gather data and process it – are included in the Sensor Content, and Template Instances – data instructions processed by the Template Types – come as part of the Rapid Response Content.

Those are equivalent to the CrowdStrike Template Types.

Template Instances are instructions that conform to Template Types, which are specific operating orders.

CrowdStrike states they rigorously test all Sensor Content, including Template Types, before it is deployed to customers.

But Sensor Content is not part of what is dynamically updated.

1 day, 22 hours ago @ helpnetsecurity.com
CAST SBOM Manager automates creation and handling of SBOMs

CAST launched CAST SBOM Manager, a new freemium product designed for product owners, release managers, and compliance specialists.

CAST SBOM Manager automates and simplifies the creation and handling of Software Bill of Materials (SBOMs), which North American and European governments now regularly require from their software providers.

“This product is intended for organizations that need to generate and maintain accurate SBOMs without the complexity and high costs associated with traditional solutions.”

Using CAST SBOM Manager is straightforward.

First, users point the CAST SBOM Manager at their code repository or import an existing SBOM file for automatic scan and analysis.

Key capabilitie…

1 day, 23 hours ago @ helpnetsecurity.com
Lakera raises $20 million to secure GenAI applications

Lakera has raised $20 million in a Series A funding round.

This funding positions Lakera at the forefront of the global economy’s race to secure GenAI applications.

David Haber, CEO of Lakera, explains the urgency: “With the advent of GenAI, the old cybersecurity techniques aren’t sufficient.

With the adoption of GenAI, users now direct software applications using natural language, and Lakera’s real-time AI security does not compromise application interactivity.

All those clients have an urgency to deploy GenAI applications into production, but can’t do it without protection in place.

2 days ago @ helpnetsecurity.com
BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements

BIND 9.20, a stable branch suitable for production use, has been released.

In BIND 9.16, the developers introduced a new networking manager using libuv as an asynchronous event handler on top of the existing application infrastructure.

In BIND 9.20, the transition to libuv asynchronous loops is complete and BIND 9 is powered by libuv from the ground up.

BIND 9.20: Improvements in DNSSEC support

DNSSEC Policy is now the only option for managing signed zones.

You can download BIND 9.20 here.

2 days, 1 hour ago @ helpnetsecurity.com
How CISOs enable ITDR approach through the principle of least privilege

Let’s take a closer look at what comprises an ITDR approach and the basics of least privilege, then explore how least privilege enables CISOs to implement and manage successful ITDR strategies.

The relationship between ITDR and least privilege

The ITDR approach is holistic in nature, taking a complete view of how attackers compromise accounts and identities.

This is because least privilege requires the removal of all unnecessary user access: Access is limited to only what an employee needs to do their job, and only for as long as they need it.

Why least privilege is essential for ITDR

Stripping down accounts and access sets the foundation for a successful ITDR implementation.

CISOs can’t put …

2 days, 3 hours ago @ helpnetsecurity.com
Cloud security threats CISOs need to know about

In this Help Net Security interview, Ava Chawla, Head of Cloud Security at AlgoSec, discusses the most significant cloud security threats CISOs must be aware of in 2024.

These threats include data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API vulnerabilities, and supply chain vulnerabilities.

What are the most significant cloud security threats CISOs must know in 2024?

The most significant cloud security threats right now are data breaches, misconfiguration, insider threats, advanced persistent threats, ransomware, API vulnerabilities and supply chain and third-party vulnerabilities.

Advancements in AI and ML are enhancing cloud security by improv…

2 days, 4 hours ago @ helpnetsecurity.com
Researchers expose GitHub Actions workflows as risky and exploitable

GitHub is an immensely popular platform, with over 100 million developers and over 90% of Fortune 100 companies utilizing it.

Despite its widespread use, many GitHub Actions workflows remain insecure, often due to excessive privileges or high-risk dependencies.

In this Help Net Security video, Roy Blit, Head of Research at Legit Security, discusses a new Legit Security State of GitHub Actions Security report.

The report unveils an especially concerning security posture and reveals that most workflows are insecure, overly privileged, and have risky dependencies.

The report’s key findings include:

2 days, 4 hours ago @ helpnetsecurity.com
IT Security Guru
last post 21 hours ago
DTX + UCX London is back: Global brands, cutting-edge technology and world-renowned speakers take centre stage

DTX London, the UK’s leading digital transformation event, has announced its doors will open on 2-3 October 2024, for what is set to be one of the most exciting technology exhibitions of the year. To maximise the experience, DTX will be co-located with Unified Communications EXPO (UCX) – the UK’s biggest show for colleague and […]

The post DTX + UCX London is back: Global brands, cutting-edge technology and world-renowned speakers take centre stage first appeared on IT Security Guru.

21 hours ago @ itsecurityguru.org
Security Serious Unsung Heroes Awards 2024 open for nominations

Eskenzi PR has opened nominations for its ninth annual Security Serious Unsung Heroes Awards. The awards are all about celebrating the UK’s cybersecurity professionals, teachers, lecturers, leaders, and those working to make the industry not only more secure, but also more diverse and healthier for employees. Key sponsors include KnowBe4, Hornetsecurity, ThinkCyber, Pulse Conferences and The Zensory. […]

The post Security Serious Unsung Heroes Awards 2024 open for nominations first appeared on IT Security Guru.

22 hours ago @ itsecurityguru.org
Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams

Security Awareness pros KnowBe4 have published findings on cybersecurity training among UK employees and the adoption of ‘best practice’ policies by organisations. The report, entitled ‘UK Cybersecurity Practices at Work’, highlights the various cybersecurity threats faced by modern organisations and expresses concern over the insufficient training received by employees across the UK. According to the […]

The post Over Half of UK Workers Haven’t Received Training on Avoiding Phishing Scams first appeared on IT Security Guru.

1 day, 22 hours ago @ itsecurityguru.org
Mimecast Announces Acquisition of Code42, Expands Human Risk Management Platform with Visibility into Insider Threats

Mimecast, a leading global human risk management platform, announced today the acquisition of Code42, a leader in insider threat and data loss protection. Expanding on the success of their existing technology partnership, this acquisition marks a critical step in Mimecast’s strategy to revolutionize how organizations manage and mitigate human-centered security risks. Financial terms of the deal […]

The post Mimecast Announces Acquisition of Code42, Expands Human Risk Management Platform with Visibility into Insider Threats first appeared on IT Security Guru.

2 days, 18 hours ago @ itsecurityguru.org
CISOs and CIOs confront growing data protection challenges in the era of AI and cloud

Keepit, a global provider of a comprehensive cloud backup and recovery platform, today released a survey conducted by Foundry, as well as a study based on in-depth interviews conducted by Keepit. Both reveal critical gaps in disaster recovery strategies and highlight the pressing need for enhanced data security measures. In an evolving technological landscape, enterprise […]

The post CISOs and CIOs confront growing data protection challenges in the era of AI and cloud first appeared on IT Security Guru.

3 days, 21 hours ago @ itsecurityguru.org
Enhancing the cybersecurity talent pool is key to securing our digital future

As the global digital industry continues to grow, there has been an increased demand for both businesses and Governments to prioritise cybersecurity. Cybercrime rates are quickly rising as according to Cybersecurity Ventures, damage costs are set to increase by 15% per year until 2025 where it’s estimated that global expenditure on cybercrime could reach US$10.5 […]

The post Enhancing the cybersecurity talent pool is key to securing our digital future first appeared on IT Security Guru.

3 days, 21 hours ago @ itsecurityguru.org
Privilege escalation: unravelling a novel cyber-attack technique

Cyber criminals are notoriously relentless and unforgiving in their quest to exploit vulnerabilities through ever-evolving tactics. Organisations may believe that their security frameworks are robust, but when confronted with unprecedented attack methods, nobody is entirely immune to infiltration. Earlier this year, a multinational agriculture company learnt this the hard way when they fell victim to […]

The post Privilege escalation: unravelling a novel cyber-attack technique first appeared on IT Security Guru.

3 days, 21 hours ago @ itsecurityguru.org
Worldwide IT Outages: Cybersecurity Experts Weigh In

Today (19th July 2024), outages have been reported across almost every facet of society, from airlines and airports, supermarkets and banking to communication services, NHS and trains. EDR org Crowdstrike said the problem was caused by “a defect found in a single content update for Windows hosts”. Whilst the company have confirmed that it was […]

The post Worldwide IT Outages: Cybersecurity Experts Weigh In first appeared on IT Security Guru.

1 week ago @ itsecurityguru.org
Esteemed International Cyber Expo Advisory Council Expands

International Cyber Expo have announced the expansion of its world-class Advisory Council, now composed of 40 industry leaders from the fields of physical and cyber security. The Advisory Council, chaired by Ciaran Martin, Former CEO of the National Cyber Security Centre (NCSC) and Professor at The University of Oxford, helps shape and inform the award-winning […]

The post Esteemed International Cyber Expo Advisory Council Expands first appeared on IT Security Guru.

1 week, 1 day ago @ itsecurityguru.org
Cyber Community Reacts: King’s Speech and AI Legislation

“My Government is committed to making work pay and will legislate to introduce a new deal for working people to ban exploitative practices and enhance employment rights. It will seek to establish the appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models.” That’s what the King said yesterday […]

The post Cyber Community Reacts: King’s Speech and AI Legislation first appeared on IT Security Guru.

1 week, 1 day ago @ itsecurityguru.org
Digital Transformation EXPO (DTX) – Your Home of Digital Transformation

DTX brings together creative minds and technology practitioners with the tools needed to drive change, enhance experiences and improve efficiencies across today’s organisations. Covering cloud and infrastructure; software engineering and DevOps; data and AI; and cyber security, the event showcases the technology, solutions and strategies essential to advance digital projects and achieve sustainable and scalable […]

The post Digital Transformation EXPO (DTX) – Your Home of Digital Transformation first appeared on IT Security Guru.

1 week, 2 days ago @ itsecurityguru.org
First Annual OSC&R Report Reveals 95% of Organizations Have at Least One Severe Security Risk Within their Software Supply Chain

OX Security, the pioneer in Active Application Security Posture Management (Active ASPM), today issued the OSC&R community’s inaugural software supply chain threat report, “OSC&R in the Wild: A New Look at the Most Common Software Supply Chain Exposures.” Based on a nine-month analysis of over 100 million alerts, tens of thousands of code repositories, and […]

The post First Annual OSC&R Report Reveals 95% of Organizations Have at Least One Severe Security Risk Within their Software Supply Chain first appeared on IT Security Guru.

1 week, 2 days ago @ itsecurityguru.org
Global tech innovation initiative unlocks Singapore as key growth market for international startups

Plexal, the innovation company solving society’s challenges through collaboration, the Cyber Security Agency of Singapore (CSA) and National University of Singapore (NUS) have partnered for a new international initiative – CyberBoost. Extending across two streams initially, CyberBoost: Build will support innovators to build their first MVP. Meanwhile, CyberBoost: Catalyse, which is powered by Plexal, will enable […]

The post Global tech innovation initiative unlocks Singapore as key growth market for international startups first appeared on IT Security Guru.

1 week, 4 days ago @ itsecurityguru.org
Authy breach exposes data of millions – what to look out for if you use it

The exposure of millions of users’ phone numbers in the recent breach of Twilio’s 2FA app, Authy, has serious implications for users, who are now at a significantly heightened risk of phishing attacks and SIM swapping, endangering their privacy and security. It’s important for users to be vigilant and learn the signs of phishing attacks […]

The post Authy breach exposes data of millions – what to look out for if you use it first appeared on IT Security Guru.

2 weeks, 1 day ago @ itsecurityguru.org
Report reveals that three quarters of UK businesses have been impacted by AI-powered cyber threats

Darktrace, a global leader in cybersecurity AI, has today released its UK State of AI Cybersecurity Report, which surveyed over 200 security leaders and practitioners across a broad array of industries. The research asked security leaders their thoughts on the threats facing their businesses following the widespread adoption of AI, which has increased the speed, […]

The post Report reveals that three quarters of UK businesses have been impacted by AI-powered cyber threats first appeared on IT Security Guru.

2 weeks, 1 day ago @ itsecurityguru.org
SecurityTrails
last post None
Blogs 👨‍💻
Бизнес без опасности
last post None
Жизнь 80 на 20
last post None
ZLONOV
last post None
Блог Артема Агеева
last post None
Киберпиздец
last post None
Schneier on Security
last post 11 hours ago
Friday Squid Blogging: Sunscreen from Squid Pigments

About Bruce Schneier

I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

11 hours ago @ schneier.com
Compromising the Secure Boot Process

This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro.

The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022.

The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident.

Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

For reasons that aren’t clear, the test keys made their way into devices from a nearly inexhaustive roster of make…

15 hours ago @ schneier.com
The CrowdStrike Outage and Market-Driven Brittleness

Some software systems have not been properly designed to contain the damage caused by a bug or a hack of some key software dependency.

You’d never set foot in such a structure, yet that’s how software systems are built.

The usual tools of regulation and certification may be inadequate, because failure of complex systems is inherently also complex.

Again, security and resilience are achieved through the process by which we fail and fix, not through any specific checklist.

Today’s internet systems are too complex to hope that if we are smart and build each piece correctly the sum total will work right.

1 day, 13 hours ago @ schneier.com
Data Wallets Using the Solid Protocol

I am the Chief of Security Architecture at Inrupt, Inc., the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership.

This week, we announced a digital wallet based on the Solid architecture.

Details are here, but basically a digital wallet is a repository for personal data and documents.

It also requires fine-grained permissions and robust security, and that’s what the Solid protocols provide.

I think of Solid as a set of protocols for decoupling applications, data, and security.

1 day, 21 hours ago @ schneier.com
Robot Dog Internet Jammer

Supposedly the DHS has these: The robot, called “NEO,” is a modified version of the “Quadruped Unmanned Ground Vehicle” (Q-UGV) sold to law enforcement by a company called Ghost Robotics.

The Border Security Expo is open only to law enforcement and defense contractors.

A transcript of Huffman’s speech was obtained by the Electronic Frontier Foundation’s Dave Maass using a Freedom of Information Act request and was shared with 404 Media.

“NEO can enter a potentially dangerous environment to provide video and audio feedback to the officers before entry and allow them to communicate with those in that environment,” Huffman said, according to the transcript.

“NEO carries an onboard computer and …

2 days, 16 hours ago @ schneier.com
2017 ODNI Memo on Kaspersky Labs

About Bruce Schneier

I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

3 days, 21 hours ago @ schneier.com
Snake Mimics a Spider

About Bruce Schneier

I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

4 days, 21 hours ago @ schneier.com
Friday Squid Blogging: Peru Trying to Protect its Squid Fisheries

About Bruce Schneier

I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

1 week ago @ schneier.com
Brett Solomon on Digital Rights

About Bruce Schneier

I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

1 week ago @ schneier.com
Criminal Gang Physically Assaulting People for Their Cryptocurrency

This is pretty horrific: …a group of men behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings.

That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elderly North Carolina couple, whose home St. Felix and one of his accomplices broke into before physically assaulting the two victims—­both in their seventies—­and forcing them to transfer more than $150,000 in Bitcoin and Ether to the thieves’ crypto wallets.

1 week, 1 day ago @ schneier.com
Cloudflare Reports that Almost 7% of All Internet Traffic Is Malicious

From ZDNet: However, Distributed Denial of Service (DDoS) attacks continue to be cybercriminals’ weapon of choice, making up over 37% of all mitigated traffic.

That total is nearly a third of all the DDoS attacks they mitigated the previous year.

But it’s not just about the sheer volume of DDoS attacks.

Last August, Cloudflare mitigated a massive HTTP/2 Rapid Reset DDoS attack that peaked at 201 million requests per second (RPS).

According to Google, Google Cloud was slammed by more RPS in two minutes than Wikipedia saw traffic during September 2023.

1 week, 2 days ago @ schneier.com
Hacking Scientific Citations

These details are stored as metadata, not visible in the article’s text directly, but assigned to a digital object identifier, or DOI—a unique identifier for each scientific publication.

References in a scientific publication allow authors to justify methodological choices or present the results of past studies, highlighting the iterative and collaborative nature of science.

Citation counts for certain researchers or journals have skyrocketed, even though these references were not cited by the authors in their articles.

In addition, when analyzing the sneaked references, we found that they highly benefited some researchers.

For example, a single researcher who was associated with Technoscie…

1 week, 4 days ago @ schneier.com
Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024.

The event will also be available via Zoom.

I’m speaking at the TEDxBillings Democracy Event in Billings, Montana, USA, on July 19, 2024.

The list is maintained on this page.

Posted on July 14, 2024 at 12:05 PM • 0 Comments

1 week, 5 days ago @ schneier.com
Friday Squid Blogging: 1994 Lair of Squid Game

I didn’t know: In 1994, Hewlett-Packard released a miracle machine: the HP 200LX pocket-size PC.

In the depths of the device, among the MS-DOS productivity apps built into its fixed memory, there lurked a first-person maze game called Lair of Squid.

[…] In Lair of Squid, you’re trapped in an underwater labyrinth, seeking a way out while avoiding squid roaming the corridors.

To progress through each stage and ascend to the surface, you locate the exit and provide a hidden, scrambled code word.

The password is initially displayed as asterisks, with letters revealed as you encounter them within the maze.

2 weeks ago @ schneier.com
The NSA Has a Long-Lost Lecture by Adm. Grace Hopper

Basically, the recording is in an obscure video format.

People at the NSA can’t easily watch it, so they can’t redact it.

With digital obsolescence threatening many early technological formats, the dilemma surrounding Admiral Hopper’s lecture underscores the critical need for and challenge of digital preservation.

It is our shared obligation to safeguard such pivotal elements of our nation’s history, ensuring they remain within reach of future generations.

While the stewardship of these recordings may extend beyond the NSA’s typical purview, they are undeniably a part of America’s national heritage.

2 weeks ago @ schneier.com
Krebs On Security
last post 10 hours ago
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Last week, KrebsOnSecurity heard from a reader who said they received a notice that their email address had been used to create a potentially malicious Workspace account that Google had blocked.

“In the last few weeks, we identified a small-scale abuse campaign whereby bad actors circumvented the email verification step in our account creation flow for Email Verified (EV) Google Workspace accounts using a specially constructed request,” the notice from Google read.

Anu Yamunan, director of abuse and safety protections at Google Workspace, told KrebsOnSecurity the malicious activity began in late June, and involved “a few thousand” Workspace accounts that were created without being domain-ve…

10 hours ago @ krebsonsecurity.com
Phish-Friendly Domain Registry “.top” Put on Notice

ICANN has filed hundreds of enforcement actions against domain registrars over the years, but this is thought to be the first in which ICANN has singled out a domain registry responsible for maintaining an entire top-level domain (TLD).

Among other reasons, the missive chided the registry for failing to respond to reports about phishing attacks involving .top domains.

But the fact that high volumes of phishing sites are being registered through Jiangsu Bangning Science & Technology Co Ltd. is hardly a new trend.

While .us domains are not even on the Top 20 list of this year’s study, “.com” maintained its perennial #1 spot as the largest source of phishing domains overall.

Other subdomain se…

3 days, 12 hours ago @ krebsonsecurity.com
Global Microsoft Meltdown Tied to Bad Crowdstrike Update

A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online.

Earlier today, an errant update shipped by Crowdstrike began causing Windows machines running the software to display the dreaded “Blue Screen of Death,” rendering those systems temporarily unusable.

Like most security software, Crowdstrike requires deep hooks into the Windows operating system to fend off digital intruders, and in that environment a tiny coding error can quickly lead to catastrophic outcomes.

In a post on Twitter/X, Crowdstrike CEO George …

1 week ago @ krebsonsecurity.com
Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts.

The Squarespace domain hijacks, which took place between July 9 and July 12, appear to have mostly targeted cryptocurrency businesses, including Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains.

“Thus nothing actually stops them from trying to login with an email,” Monahan told KrebsOnSecurity.

“Determining what emails have access to your new Squarespace account is step 1,” the help guide advises.

“If you bought Google Workspace via Google Domains, Squarespace is now your authorized reseller,” the help document explains.

1 week, 4 days ago @ krebsonsecurity.com
Hackers Steal Phone, SMS Records for Nearly All AT&T Customers

AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers.

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).

Wired reported last month how the hackers behind the Snowflake data thefts purchased stolen Snowflake credentials from dark web services that sell access to usernames, passwords and authentication tokens that are siphoned by information-stealing malware.

Other companies with millions of customer records stolen from Snowflake servers include Advance Auto Parts, Allstat…

2 weeks ago @ krebsonsecurity.com
The Stark Truth Behind the Resurgence of Russia’s Fin7

But Edwards said that one site pointed to many other Fin7 properties at Stark Industries Solutions, a large hosting provider that materialized just two weeks before Russia invaded Ukraine.

As KrebsOnSecurity wrote in May, Stark Industries Solutions is being used as a staging ground for wave after wave of cyberattacks against Ukraine that have been tied to Russian military and intelligence agencies.

“FIN7 rents a large amount of dedicated IP on Stark Industries,” Edwards said.

One of the new Fin7 domains identified by Silent Push is cybercloudsec[.

Among the new Fin7 domains Silent Push found are several sites phishing people seeking tickets at the Louvre.

2 weeks, 2 days ago @ krebsonsecurity.com
Microsoft Patch Tuesday, July 2024 Edition

Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products.

The first Microsoft zero-day this month is CVE-2024-38080, a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems.

On top of that, more than a quarter of all vulnerabilities Microsoft fixed this month are in SQL server.

It’s a good idea for Windows end-users to stay current with security updates from Microsoft, which can quickly pile up otherwise.

For a more detailed breakdown of the individual flaws addressed by Microsoft today, check out the SANS Internet Storm Center’s list.

2 weeks, 3 days ago @ krebsonsecurity.com
The Not-So-Secret Network Access Broker x999xx

In August 2023, x999xx sold access to a company that develops software for the real estate industry.

ALIAS: MAXNM

The oldest account by the name x999xx appeared in 2009 on the Russian language cybercrime forum Verified, under the email address [email protected].

The user x999xx registered on the Russian language cybercrime community Zloy in 2014 using the email address [email protected].

Cyber intelligence company Intel 471 finds the user Maxnm registered on Zloy in 2006 from an Internet address in Chelyabinsk, using the email address [email protected].

x999xx’s lackadaisical approach to personal security mirrors that of Wazawaka, another top Russian access broker who sold access…

3 weeks, 2 days ago @ krebsonsecurity.com
KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

The story on Radaris noted that the Lubarsky brothers registered most of their businesses using a made-up name — “Gary Norden,” sometimes called Gary Nord or Gary Nard.

“Neither of my clients is a founder of Radaris, and neither of my clients is the CEOs of Radaris,” Gurvits wrote.

THE BIG LUBARSKY

In his most recent demand letter, Mr. Gurvits helpfully included resumes for both of the Lubarsky brothers.

That list, available here, includes virtually every “Gary Norden” domain name mentioned in my original report, plus a few that escaped notice earlier.

Mr. Gurvits’ most-publicized defamation case was a client named Aleksej Gubarev, a Russian technology executive whose name appeared in the St…

1 month ago @ krebsonsecurity.com
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

“He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote.

The security firm Group-IB dubbed the gang by a different name — 0ktapus, a nod to how the criminal group phished employees for credentials.

The group then pivoted, using their access to Twilio to attack at least 163 of its customers.

Also in August 2022, several employees at email delivery firm Mailchimp provided their remote access credentials to this phishing group.

However, on November 30, 2022 LastPass disclosed a far more serious breach that the company said leveraged data stolen in the August breach.

1 month, 1 week ago @ krebsonsecurity.com
Patch Tuesday, June 2024 “Recall” Edition

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users.

Security experts roundly trashed Recall as a fancy keylogger, noting that it would be a gold mine of information for attackers if the user’s PC was compromised with malware.

Microsoft countered that Recall snapshots never leave the user’s system, and that even if attackers managed to hack a Copilot+ PC they would not be able to exfiltrate on-device Recall data.

And this could speed up that sort of discovery process.”

Responding to the withering criticism of Recall, Microsoft said last week that it will no longer be enabl…

1 month, 2 weeks ago @ krebsonsecurity.com
‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware.

Operation Endgame targets the cybercrime ecosystem supporting droppers/loaders, slang terms used to describe tiny, custom-made programs designed to surreptitiously install malware onto a target system.

In those cases, the dropper is the hidden component bundled with the legitimate software that quietly loads malware onto the user’s system.

Droppers remain such a critical, human-intensive component of nearly all major cybercrime enterprises that the most popular have turned i…

1 month, 3 weeks ago @ krebsonsecurity.com
Is Your Computer Part of ‘The Largest Botnet Ever?’

On May 24, authorities in Singapore arrested the alleged creator and operator of 911 S5, a 35-year-old Chinese national named YunHe Wang.

911 S5 built its proxy network mainly by offering “free” virtual private networking (VPN) services.

KrebsOnSecurity first identified Mr. Wang as the proprietor of the popular service in a deep dive on 911 S5 published in July 2022.

Ten days later, 911 S5 closed up shop, claiming it had been hacked.

The government says Wang is charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering.

1 month, 4 weeks ago @ krebsonsecurity.com
Treasury Sanctions Creators of 911 S5 Proxy Botnet

KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

That story named Yunhe Wang from Beijing as the apparent owner or manager of the 911 S5 proxy service.

In today’s Treasury action, Mr. Wang was named as the primary administrator of the botnet that powered 911 S5.

“Jingping Liu assisted Yunhe Wang by laundering criminally derived proceeds through bank accounts held in her name that were then utilized to purchase luxury real estate properties for Yunhe Wang,” the document continues.

In the months that followed, however, 911 S5 would resurrect itself under a different name: Cloud Router.

1 month, 4 weeks ago @ krebsonsecurity.com
Stark Industries Solutions: An Iron Hammer in the Cloud

But Stark Industries Solutions Ltd was incorporated on February 10, 2022, just two weeks before the Russian invasion of Ukraine.

Spur finds that Stark Industries (AS44477) currently is home to at least 74 VPN services, and 40 different proxy services.

(aka Perfect Quality Hosting), a Moldovan company formed in 2019 that lists the same UK mail drop address as Stark Industries.

But he said Stark Industries Solutions is indeed one of MIRhosting’s colocation customers.

Spur.us likewise finds that virtually all of the Stark address ranges marked “DediPath LLC” are tied to Proxyline.

2 months ago @ krebsonsecurity.com
Graham Cluley
last post 1 day, 14 hours ago
Robot dog trained to jam wireless devices during police raids

The US Department of Homeland Security has unveiled a dog-like robot that it says has been adapted to jam the connectivity of smart home devices.

The resident used a weapon to shoot dead two agents through the closed front door, and injure three more.

Of course, the police would need to be careful to ensure that any robot they deployed is programmed not to attack frequencies that they themselves are using.

If you're worried about someone jamming your wireless smart home devices, whether you are likely to be visited by a robotic dog or not, then your best course of action may be to use old-fashioned hardwired devices instead.

Breathe a sigh of relief that, for now, the DHS does not appear to…

1 day, 14 hours ago @ bitdefender.com
SEXi / APT Inc ransomware – what you need to know

1 day, 16 hours ago @ tripwire.com
Smashing Security podcast #382: CrowdStrike, Dark Wire, and the Paris Olympics

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by industry veterans Graham Cluley and Carole Theriault, joined this week by cybersecurity journalist and the author of “Dark Wire”, Joseph Cox.

Hosts: Graham Cluley – @gcluley, Carole Theriault – @caroletheriault
Guest: Joseph Cox – @josephfcox
Episode links:
Sponsored by: 1Password Extended Access Management – Secure every sign-in for every app on every device.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on th…

2 days, 9 hours ago @ grahamcluley.com
British teen arrested in connection with MGM Resorts ransomware attack

British police have arrested a 17-year-old boy believed to be linked to a cybercriminal gang that launched devastating ransomware attacks last year on MGM Resorts and other companies.

At the time, MGM Resorts confirmed that the incident impacted all of its resorts in Las Vegas, including the Aria, the Bellagio, Luxor, MGM Grand and Mandalay Bay.

The cost to MGM Resorts has been declared at over US $100 million.

We have been working closely with the National Crime Agency and FBI," said Detective Inspector Hinesh Mehta, Cyber Crime Unit Manager at ROCUWM.

MGM Resorts has thanked law enforcement for its work in locating and arresting alleged members of the gang responsible for the attack, and …

3 days, 17 hours ago @ bitdefender.com
DDoS-for-hire site DigitalStress taken down by police, suspected owner arrested

It has been revealed that earlier this month a website which offered a DDoS-for-hire service was taken offline by law enforcement, but only after they collected data about its criminal customers.

We will share this data with International Law Enforcement for action.

Individuals in the UK who engaged with this site will be contacted by Law Enforcement.

Operation PowerOFF will continue to target the DDoS-for-Hire marketplace and ensure that users are being held accountable for their criminal activity.

Back in March 2023, UK police revealed that they had actually taken the step of running fake DDoS-for-hire sites in an attempt to collect information about criminals.

3 days, 17 hours ago @ bitdefender.com
The AI Fix #8: Emergence, a rancid donkey, and the world’s funniest joke

News and views from the world of artificial intelligence.

In episode eight of “The AI Fix”, our hosts tackle the latest news from the world of AI and learn about two important medical breakthroughs, Mark coughs, Graham ruins “Killing me softly”, and neither shows their junk to an AI.

Graham explains humour to Mark and shares a donkey story he learned from a Bulgarian, ChatGPT reveals the funniest joke in the world, and Mark explains why AI’s greatest talents sometimes appear from thin air.

Hosts: Graham Cluley – @gcluley, Mark Stockley – @markstockley
Episode links:
Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on App…

3 days, 20 hours ago @ grahamcluley.com
Smashing Security podcast #381: Trump shooting conspiracy, Squarespace account hijack, and the butt stops here

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.

Smashing Security listeners get $1000 off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

1 week, 2 days ago @ grahamcluley.com
HardBit ransomware – what you need to know

1 week, 2 days ago @ tripwire.com
The AI Fix #7: Can AIs speak dolphin and do robots lick toads?

Graham explains to Mark what bats argue about, our hosts ponder whether AI should always write in Comic Sans, and Mark tells Graham why AIs are like dolphins that smoke pufferfish.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley – @gcluley, Mark Stockley – @markstockley
Episode links:
Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @TheAIFix, subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more infor…

1 week, 3 days ago @ grahamcluley.com
Disney hacked? NullBulge claims to have stolen 1.1 TB of data from internal Slack channels

A group of hacktivists claims to have breached the IT systems of Disney, and stolen a gigantic 1.1 terabytes worth of data from the entertainment giant's internal Slack messaging channels.

There are understandably concerns that the exfiltrated data could potentially be exploited for the purposes of further cyber attacks.

NullBulge is a little-known group of hacktivists that claims to be motivated by "protecting artists' rights and ensuring fair compensation for their work."

Whatever the motivation, the claim is that confidential communications and sensitive information have been stolen from Disney and leaked on the internet.

At the time of writing, Disney has not confirmed that NullBulge's …

1 week, 4 days ago @ bitdefender.com
RansomHub ransomware – what you need to know

2 weeks ago @ tripwire.com
Exposed! The AI-enhanced social media bot farm that pumped out Kremlin propaganda on Twitter

The FBI has issued a joint cybersecurity advisory with its international partners, detailing the make-up of an AI-enhanced social media bot farm that was used to spread propaganda around the world.

The bot farm, known as "Meliorator," created fake accounts that often purported to be based in the United States.

The FBI says that the Meliorator bot farm project was subsequently integrated into an FSB operation that was approved by the Kremlin to sow discord in the United States.

Examples of pro-Russian messages pushed out by the bot farm on Twitter included posts by a purported US citizen which included a video of President Putin justifying Russia's invasion of Ukraine.

"With these actions, t…

2 weeks, 1 day ago @ bitdefender.com
Smashing Security podcast #380: Teachers TikTok targeted, and fraud in the doctors’ waiting room

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

2 weeks, 1 day ago @ grahamcluley.com
The AI Fix #6: AI lobotomies, and bots scam scam bots

Graham inflicts his terrible Australian accent on Mark while explaining bot-on-bot crime, and Mark tells Graham how to lobotomise an AI that’s obsessed with bridges.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley – @gcluley, Mark Stockley – @markstockley
Episode links:
Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @TheAIFix, subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

Follow …

2 weeks, 3 days ago @ grahamcluley.com
Ransomware attack on blood-testing service puts lives in danger in South Africa

On June 22, the BlackSuit ransomware group hit NHLS, leaving it unable to process millions of blood tests.

As a consequence, the most urgent test results have had to be shared over the telephone rather than electronically.

According to media reports, hundreds of essential operations have been cancelled due to the lack of blood tests.

Police in South Africa and data regulators have been informed about the attack, for which the BlackSuit ransomware gang has taken credit.

Past victims of the BlackSuit ransomware gang include East Central University, CDK Global, schools in the US state of Georgia, and even a zoo.

2 weeks, 3 days ago @ bitdefender.com
Companies 🏢
Kaspersky Blog
last post 18 hours ago
A safe update process for security products | Kaspersky Blog

After that unpleasant episode we carried out a thorough root-cause analysis and completely revised our approach to preparing and testing updates, both in our business products and in our products for home users.

The main components of this mechanism are multi-level testing, gradual rollout of updates and automatic anomaly monitoring.

As for product scenarios, these include, for example, a file-system scan, a product update, a reboot after the update, and so on.

This confirms that the product functions normally after the update: it neither crashes itself nor brings down the system.

Testing updates on the side of …
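The gradual rollout plus automatic anomaly monitoring described above, as an added example that is not Kaspersky's release tooling: the fleet, the ring sizes, the crash-rate threshold and the crash behaviour of the "good" and "bad" builds are all assumptions constructed for illustration. The bad build crashes only on an older OS build present on a tenth of the fleet, which is exactly the kind of regression a first small ring is meant to catch before it reaches everyone.

```python
"""Ring-based rollout with an automatic crash-rate brake.

Added example, not Kaspersky's release tooling. Each stage widens the update
to a larger share of the fleet; if the updated population crashes more often
than a threshold, the rollout stops before the next ring. Ring sizes, the
threshold, the fleet and the crash behaviour of both builds are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable

RINGS = [0.01, 0.10, 0.50, 1.00]   # share of the fleet updated by the end of each stage (assumed)
MAX_CRASH_RATE = 0.002             # halt when more than 0.2% of updated hosts have crashed (assumed)


@dataclass
class Host:
    name: str
    os_build: str
    updated: bool = False
    crashed: bool = False


def make_fleet(size: int) -> list[Host]:
    """Constructed fleet: every tenth host still runs an older OS build."""
    return [Host(f"host-{i}", "22H2" if i % 10 == 3 else "23H2") for i in range(size)]


def _index(host: Host) -> int:
    return int(host.name.rsplit("-", 1)[1])


def good_build_crashes(host: Host) -> bool:
    """Simulated background noise: about 0.05% of hosts crash for unrelated reasons."""
    return _index(host) % 2000 == 1000


def bad_build_crashes(host: Host) -> bool:
    """Simulated regression: the update crashes every host on the older OS build."""
    return host.os_build == "22H2" or good_build_crashes(host)


def staged_rollout(fleet: list[Host], crashes_on: Callable[[Host], bool]) -> tuple[str, int, int, float]:
    """Widen the rollout ring by ring, reading crash telemetry after each stage.

    Returns (status, last_stage, hosts_updated, crash_rate) with status either
    "completed" or "halted". Telemetry from all updated hosts is used, so the
    decision to widen is always based on the whole exposed population.
    """
    stage, updated, rate = -1, [], 0.0
    for stage, share in enumerate(RINGS):
        for host in fleet[: int(len(fleet) * share)]:
            if not host.updated:                 # hosts from earlier rings keep their result
                host.updated = True
                host.crashed = crashes_on(host)
        updated = [h for h in fleet if h.updated]
        rate = sum(h.crashed for h in updated) / len(updated)
        if rate > MAX_CRASH_RATE:
            return "halted", stage, len(updated), rate
    return "completed", stage, len(updated), rate


if __name__ == "__main__":
    for label, build in (("good build", good_build_crashes), ("bad build", bad_build_crashes)):
        print(label, staged_rollout(make_fleet(10_000), build))
```

With the constructed fleet the good build passes all four rings at a 0.05% crash rate, while the bad build is stopped in the first ring after reaching 100 hosts. In a real pipeline the first ring is chosen for hardware and OS diversity rather than taken in order, the threshold is compared against the pre-update baseline, and a halt triggers a rollback of the ring already updated.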

18 hours ago @ kaspersky.ru
Comparing the From and Reply-To headers | Kaspersky Blog

Recently we managed to improve the accuracy of detecting spear phishing and business email compromise (BEC) attacks by adding one small and, frankly, rather mundane check.

Comparing the From and Reply-To fields is another such criterion.

However, since in this case the attackers need not only to deliver the malicious email but also to receive a direct reply to it, they are forced to put their own address in the Reply-To field.

Why not always check that From and Reply-To match?

That is why, if the From/Reply-To comparison were always enabled, it would produce false positives.
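The From/Reply-To comparison described above, as an added example rather than Kaspersky's detection code. It flags a message whose Reply-To domain differs from the From domain, and skips the two everyday cases that would otherwise be false positives of the kind the post warns about: mailing-list traffic (List-Id header present) and automated no-reply senders. Those exemptions and the sample messages are assumptions constructed for the example.

```python
"""Flag email whose Reply-To would divert replies away from the From domain.

Added example, not Kaspersky's detection code. Applies the From/Reply-To
comparison and exempts two legitimate mismatches (mailing lists and
no-reply senders); the exemptions and sample messages are constructed.
"""
from __future__ import annotations
from email import message_from_string
from email.utils import parseaddr

NO_REPLY_LOCALPARTS = {"noreply", "no-reply", "donotreply", "do-not-reply"}   # assumed list


def _address(header: str | None) -> str:
    """Bare, lower-cased address from a header like '"CEO" <ceo@example.com>'."""
    return parseaddr(header or "")[1].lower()


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2]


def reply_to_mismatch(raw: str) -> bool:
    """True when Reply-To points at a different domain than From and the
    headers show no legitimate reason for it."""
    msg = message_from_string(raw)
    reply_to = _address(msg.get("Reply-To"))
    if not reply_to:
        return False                         # nothing to compare
    if msg.get("List-Id"):
        return False                         # mailing lists redirect replies by design
    sender = _address(msg.get("From"))
    if sender.split("@")[0] in NO_REPLY_LOCALPARTS:
        return False                         # automated senders route replies elsewhere
    return _domain(reply_to) != _domain(sender)


# Constructed samples: a BEC lure spoofing the victim's own domain, a list post,
# a no-reply notification and an ordinary message with no Reply-To at all.
BEC_MAIL = """From: "CEO" <ceo@example.com>
Reply-To: ceo.example@gmail-lookalike.test
Subject: Urgent wire

Please pay the attached invoice today.
"""
LIST_MAIL = """From: alice@example.com
Reply-To: devs@lists.example.org
List-Id: <devs.lists.example.org>
Subject: [devs] build broken

The nightly is red.
"""
NOREPLY_MAIL = """From: Shop <noreply@shop.example>
Reply-To: support@helpdesk.example
Subject: Your order

Thanks for your order.
"""
PLAIN_MAIL = """From: bob@example.com
Subject: lunch

Noon?
"""

if __name__ == "__main__":
    for name, raw in (("BEC", BEC_MAIL), ("list", LIST_MAIL), ("noreply", NOREPLY_MAIL), ("plain", PLAIN_MAIL)):
        print(name, reply_to_mismatch(raw))
```

The check is deliberately a domain comparison rather than an exact-address one, since a legitimate sender may route replies to a shared mailbox in the same domain; the exemption lists are where the false-positive tuning the post talks about actually happens.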

1 day, 14 hours ago @ kaspersky.ru
Wi-Fi security study in Paris | Kaspersky Blog

We surveyed around 25,000 public Wi-Fi hotspots in Paris and found that one in four is insecure.

What we found

In total we recorded 47,891 signal readings from 24,766 unique Wi-Fi access points.

How many Wi-Fi access points use WPS and WPA3

About 20% (4,864) of the public Wi-Fi access points we examined in Paris use the notorious WPS protocol, which is outdated and easily compromised.

Bottom line

So, 25% of Paris Wi-Fi access points are insecure, including some that require a password or PIN to connect.

If your device has no VPN and you have to connect to public Wi-Fi in Paris (or any other city), then follow…

2 days, 20 hours ago @ kaspersky.ru
Scams around the Paris Olympics | Kaspersky Blog

Today we explain how scammers have prepared for the Games in Paris, how they plan to steal money or personal data from sports fans, and what you need to know to keep following your favorite athletes, with Kaspersky Premium.

Olympic connection

The Olympic Games in Paris start on July 26.

At the same time, the victim hands the scammers his phone number, personal and banking details, and confirms that he will shortly be far from home, in Paris, watching the Olympics, and unlikely to keep a close eye on debits from his bank account.

Just in time for the Olympic Games in Paris, scammers have set up a network of fake sites selling tickets.

Here you have tickets for archery, football, badminton: the full…

4 days, 23 hours ago @ kaspersky.ru
Global outage of Microsoft customers caused by a CrowdStrike update | Kaspersky Blog

On an ordinary Friday morning our industry colleagues released a tiny driver that caused a massive computer outage across the world.

Who else was affected by CrowdStrike's Friday release, and how to undo the "bricking" of a computer, in this article.

At first the blame fell on a Microsoft Azure outage, but later CrowdStrike confirmed that the root cause was after all in the csagent.sys or C-00000291*.sys driver of CrowdStrike EDR.

If our users run into any problem, we always log it, and solving it becomes a priority at every level of the company.

Having occupied a certain niche in the market, CrowdStrike dragged down all the members of that niche with it at its very first failure.

1 week ago @ kaspersky.ru
The naked truth: a Kaspersky study on sextortion and revenge porn | Kaspersky Blog

Or even worse: a once-close person leaks your intimate photos and videos online or resorts to blackmail.

And how many partners heeded that request and actually deleted the nudes is anyone's guess.

Keep in mind that in reality these figures may be much higher, since far from every respondent will admit to it.

Alice never took or sent intimate photos.

Unfortunately, sextortion scammers also know about StopNCII.org and send phishing messages in its name, offering (yes, you guessed it) to upload your intimate photos and videos supposedly so they can be removed.

1 week, 1 day ago @ kaspersky.ru
Why free VPN services are dangerous | Kaspersky Blog

And if the user is not asked to pay for these services explicitly, there is most often a catch somewhere.

A couple of large-scale events recently showed what that catch can be.

A free VPN and a botnet of 19 million IP addresses

In May 2024 the FBI, in partnership with several other agencies, took down a botnet called 911 S5.

The total revenue of the creators of 911 S5 over the botnet's lifetime is estimated at $99 million.

Although there were also apps of other kinds among them, such as alternative keyboards, launchers and so on, most of the infected apps were free VPNs.

1 week, 2 days ago @ kaspersky.ru
The security impact of Microsoft Copilot+ Recall and Apple Intelligence

Then security specialists criticized the implementation of Recall, showed defects in its protection and demonstrated that its data could be exfiltrated, including remotely.

Nevertheless, Redmond is not abandoning the project and intends to launch it, including on a wider range of computers, among them machines with AMD and Intel processors.

The assistant can take a screenshot, recognize its text and save it, both locally and in a public cloud.

Thus Microsoft's initial claims that all data is processed only locally and stored in encrypted form turned out to be inaccurate in practice.

Now we will have to wait until security practitioners check Microsoft's updated encryption and …

1 week, 3 days ago @ kaspersky.ru
Kaspersky Premium took first place in anti-phishing tests | Kaspersky Blog

We write about phishing often, and as the best way to protect yourself we suggest using our products.

Since Kaspersky products share a single stack of protection technologies, which is what the researchers tested, this award applies equally to our other products and solutions: for home users, Kaspersky Standard, Kaspersky Plus and Kaspersky Premium; and for business, for example Kaspersky Endpoint Security for Business and Kaspersky Small Office Security.

This time the researchers checked how popular security solutions protect users from phishing threats while browsing web pages and using email.

The test ran from 1…

1 week, 4 days ago @ kaspersky.ru
Zero-day vulnerability in the Internet Explorer browser | Kaspersky Blog

Funnily enough, one of these zero-days, which before that had been used for a year and a half to steal passwords, was found in the Internet Explorer browser.

Why Internet Explorer is not nearly as dead as we would all like

Last year I already wrote about what the latest burial of Internet Explorer really meant.

In practice this means that Internet Explorer remains in the system; users just cannot launch it as a standalone browser.

Because of the mhtml prefix in the .url file, it is opened not in the system's default browser but in Internet Explorer.

The problem is that in the corresponding dialog Internet Explorer shows the name of that same .url file, …
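A check for the mhtml prefix described above, as an added example that is not from the Kaspersky post. A Windows Internet Shortcut (.url) file is an INI file with an [InternetShortcut] section whose URL= line carries the target; the function below parses that file and flags a target that starts with mhtml:, which is the trait the post says hands the link to Internet Explorer. The two sample files are constructed, and the lure's hostname is a placeholder.

```python
"""Flag .url (Internet Shortcut) files whose target carries an mhtml: prefix.

Added example, not from the Kaspersky post. The .url format is the standard
INI layout Windows uses; the sample files below are constructed.
"""
import configparser


def shortcut_target(content: str) -> str:
    """Return the URL= value of a .url file, or '' if the file has none."""
    text = content.lstrip("\ufeff").replace("\r\n", "\n")   # tolerate BOM and CRLF
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    # configparser lower-cases option names, so URL= is looked up as "url"
    return cp.get("InternetShortcut", "url", fallback="").strip()


def is_mhtml_shortcut(content: str) -> bool:
    """True when the shortcut's target would be handed to Internet Explorer via mhtml:."""
    return shortcut_target(content).lower().startswith("mhtml:")


# Constructed samples; lure.example is a placeholder host.
BENIGN_URL = "[InternetShortcut]\r\nURL=https://example.com/docs\r\nIconIndex=0\r\n"
LURE_URL = (
    "[InternetShortcut]\r\n"
    "URL=MHTML:http://lure.example/invoice.pdf\r\n"
    "IconFile=C:\\Windows\\System32\\SHELL32.dll\r\n"
    "IconIndex=1\r\n"
)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_URL), ("lure", LURE_URL)):
        print(label, shortcut_target(sample), is_mhtml_shortcut(sample))
```

The scheme comparison is case-insensitive because Windows treats the prefix that way; a mail gateway or endpoint rule would run this over every .url attachment and quarantine hits, since there is no ordinary reason for a shortcut to force Internet Explorer.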

2 weeks ago @ kaspersky.ru
What Kaspersky Who Calls is and what it can do | Kaspersky Blog

What Kaspersky Who Calls can do

Who Calls is a smart caller ID with a huge, constantly updated database of information about phone numbers.

At the same time, Who Calls will block both calls from hidden numbers and calls from unknown WhatsApp users.

Kaspersky Who Calls for iOS will, free of charge, warn you about spam, show the category of an incoming call and block all incoming voice spam.

In the premium version of the Android app, as on iOS, the database of unwanted numbers is stored on the smartphone.

Premium Who Calls in the Kaspersky Plus and Kaspersky Premium subscriptions

It is worth recalling that the premium version of Kaspersky Who Calls is already included in the Kaspersky Plus and Kaspersky Premium subscriptions of our line of protec…

2 weeks, 1 day ago @ kaspersky.ru
A targeted malicious mailing for information gathering | Kaspersky Blog

Judging by the number of victims, we are dealing with a targeted attack aimed at collecting confidential information.

In parallel, it silently downloads several archives with additional malicious payloads and a console utility for working with RAR archives.

The console utility is used to unpack the downloaded archives and to collect the files the attackers are interested in.

In both cases the collected data is sent to the server hostingforme[.]nl.

Our solutions detect the malicious payload of this attack with the verdict Trojan.Win32.Dedok.art, and also detect and block the attack by its behavior with the verdict Trojan.Win32.Generic.

2 weeks, 4 days ago @ kaspersky.ru
A fake exploit for CVE-2024-6387 aka regreSSHion | Kaspersky Blog

An archive with malicious code is circulating on the social network X (formerly known as Twitter) under the guise of an exploit for the recently discovered vulnerability CVE-2024-6387 (regreSSHion).

We explain what is really inside the archive and how the attackers try to lure researchers into a trap.

The legend accompanying the archive

Supposedly there is a server with a working exploit for the CVE-2024-6387 vulnerability in OpenSSH.

Moreover, this server is actively using the exploit to attack a whole list of IP addresses.

In reality it runs the malicious file named exploit, malware that establishes persistence on the system and downloads a payload from a remote server.

3 weeks ago @ kaspersky.ru
Why the Polyfill.io script should be removed from your site | Kaspersky Blog

We explain in more detail what this service is, why it has become dangerous to use, and what should be done to stay protected.

Polyfill.io, in turn, is a service that automatically loads the polyfills needed for a site to render correctly in the particular browser the user opens it in.

The researchers stress that this is not the first time the Polyfill.io service has been caught serving malicious code.

More than 100,000 sites are reported to contain the potentially dangerous script.

The thing is, Google's advertising service has suspended ads that lead to sites serving malicious scripts loaded from several service…
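The first step in acting on the advice above is finding where a site actually pulls the script from, so here is an added example (not from the Kaspersky post) that scans a page's HTML for script sources and preloads served from polyfill.io or any of its subdomains. It matches on the URL's host rather than on a substring, so a file merely named polyfill.io.bundle.js on your own CDN is not flagged. The sample page is constructed, as are the decoy hostnames.

```python
"""Find <script src> and script preload URLs served from polyfill.io.

Added example, not from the Kaspersky post. Matches on the parsed hostname
(polyfill.io or a subdomain), not on a substring; the sample page and the
other hostnames in it are constructed.
"""
from __future__ import annotations
from html.parser import HTMLParser
from urllib.parse import urlparse

FLAGGED_HOSTS = ("polyfill.io",)   # hosts to flag; subdomains such as cdn.polyfill.io match too


class _ExternalScripts(HTMLParser):
    """Collect URLs from <script src=...> and <link rel=preload|modulepreload href=...>."""

    def __init__(self) -> None:
        super().__init__()
        self.urls: list[str] = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.urls.append(a["src"])
        elif tag == "link" and a.get("href") and (a.get("rel") or "").lower() in ("preload", "modulepreload"):
            self.urls.append(a["href"])


def _host(url: str) -> str:
    if url.startswith("//"):          # protocol-relative URLs have no scheme of their own
        url = "https:" + url
    return (urlparse(url).hostname or "").lower()


def find_polyfill_refs(html: str) -> list[str]:
    """Return every script URL on the page whose host is polyfill.io or a subdomain, in page order."""
    parser = _ExternalScripts()
    parser.feed(html)
    parser.close()
    return [u for u in parser.urls
            if any(_host(u) == h or _host(u).endswith("." + h) for h in FLAGGED_HOSTS)]


# Constructed page: two real polyfill.io references, one same-named decoy on the site's
# own CDN, and one relative script that has no host at all.
PAGE = """<!doctype html><html><head>
<link rel="preload" as="script" href="//polyfill.io/v3/polyfill.min.js?features=fetch">
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="https://static.example.com/js/polyfill.io.bundle.js"></script>
<script src="/js/app.js"></script>
</head><body>ok</body></html>"""

if __name__ == "__main__":
    for url in find_polyfill_refs(PAGE):
        print("remove or self-host:", url)
```

Run it over rendered pages as well as templates and CMS theme files, since the tag is often injected by a theme rather than written by hand; the fix the post calls for is removal, and where a polyfill is still genuinely needed, serving it from your own origin.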

3 weeks, 1 day ago @ kaspersky.ru
How Fraud-as-a-Service works | Kaspersky Blog

Today, using the example of a group running scams on classified-ad platforms, we describe what turnkey phishing looks like and how to protect yourself from it.

This is the core set of participants found in practically every such group.

These people handle the project's advertising campaigns and the moral support and training of the "workers".

With their help, cybercriminals can create, for example, unique, tailored phishing ads.

And since that is so, the recommendations for protection are the same as for other kinds of phishing:

3 weeks, 2 days ago @ kaspersky.ru
Group-IB Blog
last post: none
Cisco Security Blog
last post 3 days, 20 hours ago
User Protection Suite Secures Against Talos Top Ransomware Attack Trends

In the first episode of Cisco Talos’ Talos Threat Perspective (TTP), two Talos Threat Intelligence experts, Nick Biasini and James Nutland, discuss new research on the most prominent ransomware groups.

What they found is that attackers are frequently logging in with valid credentials and user identities rather than hacking in.

One initial access technique attackers use is OS credential dumping: extracting legitimate user credentials from the Local Security Authority Subsystem Service (LSASS).

Detect the lateral movement before they’re doing data gathering, before they’re doing exfiltration.” Cisco’s User Protection Suite does just that.

By putting users first, this means users won’t…
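LSASS credential dumping, mentioned above, is one of the more reliably detectable initial-access steps. Below is an added example, not Talos or Cisco detection content: it runs a rule over Sysmon Event ID 10 (ProcessAccess) records and flags any non-allowlisted process that opens lsass.exe with an access right that permits reading its memory or duplicating its handles. The log lines and their Key=Value|Key=Value layout are constructed, and the allowlist of legitimate source images is an assumption to tune per environment.

```python
"""Detect LSASS memory access (credential dumping) in Sysmon Event ID 10
(ProcessAccess) records.

Added example for this page, not Cisco's or Talos's detection logic. The log
lines are constructed; the ALLOWLIST is an assumption to tune per estate.
"""
import re

# Process access rights (Win32 constants) that matter for reading LSASS.
PROCESS_VM_READ = 0x0010
PROCESS_DUP_HANDLE = 0x0040

# Processes that legitimately open LSASS on a typical host (assumed list).
ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\lsass.exe",
    r"c:\programdata\microsoft\windows defender\platform\msmpeng.exe",
}

FIELD_RE = re.compile(r"(\w+)=([^|]*)")


def parse_event(line: str) -> dict:
    """Parse the constructed 'Key=Value|Key=Value' line format."""
    return {k: v.strip() for k, v in FIELD_RE.findall(line)}


def is_lsass_dump(ev: dict) -> bool:
    """True when a non-allowlisted process opens lsass.exe with a read-capable right."""
    if ev.get("EventID") != "10":
        return False
    if not ev.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return False
    if ev.get("SourceImage", "").lower() in ALLOWLIST:
        return False
    access = int(ev.get("GrantedAccess", "0"), 16)
    # 0x1000 (QUERY_LIMITED_INFORMATION) alone cannot read memory; 0x10,
    # 0x40 and the full mask 0x1FFFFF can.
    return bool(access & (PROCESS_VM_READ | PROCESS_DUP_HANDLE))


def find_dumps(lines):
    """Return (SourceImage, GrantedAccess) for every line the rule fires on."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_lsass_dump(ev):
            hits.append((ev["SourceImage"], ev["GrantedAccess"]))
    return hits


# Constructed sample records (not from a real host).
SAMPLE_LOG = [
    "EventID=10|SourceImage=C:\\Windows\\System32\\csrss.exe|TargetImage=C:\\Windows\\System32\\lsass.exe|GrantedAccess=0x1FFFFF",
    "EventID=10|SourceImage=C:\\Users\\bob\\Downloads\\procdump64.exe|TargetImage=C:\\Windows\\System32\\lsass.exe|GrantedAccess=0x1FFFFF",
    "EventID=10|SourceImage=C:\\Windows\\Temp\\mm.exe|TargetImage=C:\\Windows\\System32\\lsass.exe|GrantedAccess=0x1010",
    "EventID=10|SourceImage=C:\\Windows\\System32\\taskmgr.exe|TargetImage=C:\\Windows\\System32\\lsass.exe|GrantedAccess=0x1000",
    "EventID=10|SourceImage=C:\\Windows\\Temp\\mm.exe|TargetImage=C:\\Windows\\System32\\svchost.exe|GrantedAccess=0x1010",
    "EventID=1|Image=C:\\Windows\\Temp\\mm.exe|CommandLine=mm.exe",
]

if __name__ == "__main__":
    for src, access in find_dumps(SAMPLE_LOG):
        print(f"LSASS access: {src} ({access})")
```

The rule deliberately keys on the access mask rather than on a tool name: procdump, a renamed mimikatz and a custom dumper all need PROCESS_VM_READ, while a handle-duplication dumper needs PROCESS_DUP_HANDLE. Tune the allowlist by reviewing what opens LSASS on a clean reference host before deploying it.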

3 days, 20 hours ago @ blogs.cisco.com
Introducing the Coalition for Secure AI (CoSAI)

Today, I am delighted to share the launch of the Coalition for Secure AI (CoSAI).

CoSAI collaborates with NIST, Open-Source Security Foundation (OpenSSF), and other stakeholders through collaborative AI security research, best practice sharing, and joint open-source initiatives.

We must equip practitioners with integrated security solutions, enabling them to leverage state-of-the-art AI controls without needing to become experts in every facet of AI security.

Where possible, CoSAI will collaborate with other organizations driving technical advancements in responsible and secure AI, including the Frontier Model Forum, Partnership on AI, OpenSSF, and ML Commons.

Security requires collective a…

1 week, 1 day ago @ blogs.cisco.com
Accelerating SaaS solution delivery to the U.S. Federal Government

Synopsis: The Cisco Federal Operational Security Stack streamlines the process for Cisco SaaS solutions on their FedRAMP journey, bringing a myriad of benefits.

Consequently, Cisco SaaS solutions must obtain FedRAMP ATO to conduct business with U.S. Federal agencies.

As such, to streamline these efforts, Cisco has developed a centralized solution – Cisco’s Federal Operational Security Stack or Fed Ops Stack.

The journey map below shows how Cisco provides a clear process and resources for delivering SaaS solutions into regulated federal environments.

It displays the steps for solution teams to move their SaaS solutions throughout the process, while partnering with U.S. federal agencies and t…

1 week, 2 days ago @ blogs.cisco.com
Protecting Against regreSSHion with Secure Workload

Secure Workload helps organizations get visibility of application workload traffic flows and implement microsegmentation to reduce the attack surface and contain lateral movement, mitigating the risk of ransomware.

Below are multiple ways in which Secure Workload can be leveraged to get visibility of affected application workloads and enforce segmentation policies to mitigate the risk of workloads being compromised.

Process Anomaly and Change-In Behavior Monitoring of regreSSHion

Even in the scenario where a workload is compromised, Secure Workload offers continuous monitoring and anomaly detection capabilities, as shown below:

Process Snapshot: Provides a process tree of existing runtime pro…

1 week, 3 days ago @ blogs.cisco.com
Stopping Supply Chain Attacks with Cisco’s User Protection Suite

The Dinner Party Supply Chain Attack

A supply chain attack occurs when a bad actor gains access to an organization’s people and data by compromising a vendor or business partner.

Types of Supply Chain Attacks

Supply chain attacks can be understandably concerning for those in charge of cybersecurity within an organization.

According to Verizon’s 2024 Data Breach Investigations Report, breaches due to supply chain attacks rose from 9% to 15%, a 68% year-over-year increase.

Secure Access: Secure Access ensures that your users safely access both the internet and private applications.

To learn more about how the User Protection Suite can protect your organization today, see the Cisco User Protecti…

4 weeks ago @ blogs.cisco.com
Digital Forensics for Investigating the Metaverse

Decentralization and jurisdictions: The decentralized nature of many metaverse platforms can lead to jurisdictional complexities.

This diversity significantly affects the investigation of metaverse platforms, as each requires unique methods, tools and approaches for forensic analysis.

An example illustrating metaverse forensic complexities: a rare digital painting goes missing from a virtual museum.

Metaverse Platforms, including different apps and digital assets in the metaverse.

This approach helps in understanding the interaction between the client and the server during the operation of metaverse platforms.

1 month ago @ blogs.cisco.com
Exciting News: CDO India and CDO Australia Now Generally Available!

We are thrilled to announce that Cisco Defense Orchestrator (CDO) is now generally available in two new regions: India and Australia.

CDO India offers the same comprehensive capabilities as our other CDO regions, providing a seamless and efficient security management experience.

CDO Australia

Similarly, we are pleased to announce that CDO Australia is now live and available.

Just like our other regions, CDO Australia offers the same powerful security management capabilities, ensuring that our customers receive top-notch service and support.

Both new regions, India and Australia, are fully equipped with all the features and functionalities that our customers have come to expect from CDO.

1 month ago @ blogs.cisco.com
Security Cloud Control: Pioneering the Future of Security Management

When considering Unified Security Management (USM), the goal is to have seamless management experience.

We aim to streamline security management processes, strengthen defenses with advanced Zero Trust and vulnerability protection, and offer clear, actionable insights through AI-driven intelligence.

Our partnership with Splunk represents a significant leap forward in streamlining security operations.

This collaborative effort simplifies the management of security operations, providing Security Operations Center (SOC) teams with a superior, streamlined, and more effective method for protecting their digital landscapes.

We are dedicated to alleviating the customer’s burden by offering a Unifie…

1 month ago @ blogs.cisco.com
Enhancing AI Security Incident Response Through Collaborative Exercises

I had the privilege of participating in an AI Security Incident tabletop exercise led by the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC).

The Objective

The primary goal of this tabletop exercise was to support the development of an “AI Security Incident Collaboration Playbook”.

This playbook, set to be published later this year, aims to enhance AI security incident response coordination between the U.S. government, industry, and global partners.

The insights gained from this exercise will directly inform the creation of the AI Security Incident Collaboration Playbook.

Stay tuned for the release of the AI Security Incident Collaboration P…

1 month ago @ blogs.cisco.com
Up your Quality of Life with Secure MSP Hub and Secure MSP Center

MSP Center is our simplified, usage-based, post-paid buying model: as an MSP you sign up once to get access to the Security portfolio.

Customer Management – The customer management feature on MSP Hub streamlines the customer onboarding process for multiple products in a single place.

Technical Integrations – We are simplifying how our Cisco Security products can easily integrate with ecosystem partners in a simple 3 click process.

1 month ago @ blogs.cisco.com
The State of Cloud Security Platforms and DevSecOps

Cisco recently partnered with TechTarget’s Enterprise Strategy Group (ESG) on a survey of IT, cybersecurity, and application development professionals, The State of Cloud Security Platforms and DevSecOps (April 2024), to better understand the scope of cloud native application development environments and how organizations are protecting cloud infrastructure and applications.

Close to half of all organizations plan to deploy DevSecOps to mitigate security issues and runtime misconfigurations found in cloud applications.

Investing in the future

Organizations overwhelmingly agree that purchasing cloud security platforms and DevSecOps over the next year is required, not optional.

This investmen…

1 month, 1 week ago @ blogs.cisco.com
How to Monitor Network Traffic: Findings from the Cisco Cyber Threat Trends Report

One great area to look for trends is in malicious DNS activity.

In our latest report, Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette, we take the extraordinary volume of malicious domains that Cisco sees and blocks—over 1 million every hour—and examine it for malicious trends and patterns.

This data comes to us thanks to the DNS-layer security that is available in Cisco Umbrella and Cisco Secure Access.

These are just a couple examples of trends from the Cyber Threat Trends Report.

Learn more

Download the full report for more key insights on the current threat landscape: Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette. Learn more about the find…

1 month, 1 week ago @ blogs.cisco.com
Stay Compliant: Cisco Secure Workload Introduces State-of-the-art, Persona-based Reporting

Workload security tools draw the attention of diverse cohorts, united by a mission: fortifying hybrid cloud workloads.

In a market filled with disparate tools, Secure Workload offers a tailored reporting solution that revolutionizes how SecOps, Network Administrators, and CxOs interact with their workload security solution.

For example, SecOps teams require detailed insights into Cisco Security Risk scores, workload vulnerabilities, and the effectiveness of security policies.

Ready to experience the power of informed decision-making with Secure Workload Reporting?

Whether you’re upgrading to Secure Workload 3.9 or starting fresh, embark on a journey of unparalleled security for your hybrid …

1 month, 1 week ago @ blogs.cisco.com
Bolster SaaS Security Posture Management with Zero Trust Architecture

According to AppOmni’s 2023 State of SaaS Security report, 79% of organizations reported a SaaS security incident during the preceding 12-month period.

Security Service Edge (SSE) solutions with Zero Trust Network Access (ZTNA) are a common way to securely connect the hybrid workforce to cloud applications.

This article describes how Cisco and AppOmni have teamed to extend zero trust principles to secure SaaS applications and data with a closed loop zero trust architecture.

These capabilities are collectively called Zero Trust Posture Management (ZTPM) for SaaS applications.

Next Steps

Customers interested in extending zero trust to their SaaS applications can contact AppOmni or Cisco to exp…

1 month, 1 week ago @ blogs.cisco.com
Operationalizing our custom “SOC in a Box” at the RSA Conference 2024

Ever had to stand up a Security Operations Center (SOC) in two days?

Here is what our custom “SOC in the Box” looked like wired up and fully operational, connected to the Moscone NOC and NetWitness Platform.

Our custom “SOC in a Box” was one of the highlights of the SOC tours and generated quite a bit of excitement around Cisco Security!

1 month, 1 week ago @ blogs.cisco.com
Microsoft Security
last post 1 day, 16 hours ago
Onyx Sleet uses array of malware to gather intelligence for North Korea

Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet.

Onyx Sleet conducts cyber espionage primarily targeting military, defense, and technology industries, predominately in India, South Korea, and the United States.

Onyx Sleet targetsIn pursuit of its primary goal of intelligence collection, Onyx Sleet has focused on targeting entities in the defense and energy industries, predominately in India, South Korea, and the United States.

SHA-256 (TigerRAT):
f32f6b229913d68daad937cc72a57aa45291a9d623109ed48938815aa7b6005c
0837dd54268c373069fc5c1628c6e3d75eb99c3b3efc94c45b73e2cf9a6f3207
29c6044d65af0073424ccc01abcb…
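Matching files against the indicators above is the first thing to do on a host you suspect. This added example, not Microsoft's tooling, hashes every regular file under a directory and reports hits against a SHA-256 set seeded with the two complete TigerRAT hashes from the post (the truncated third hash is unusable and left out). The directory, its files and the "planted" binary the sweep finds are constructed in a temporary directory for the demo; no real sample is involved.

```python
"""Sweep a directory tree for files whose SHA-256 is on an indicator list.

Added example for this page, not Microsoft's tooling. The two full hashes
come from the indicator list above; the files swept in demo() are
constructed in a temporary directory and are stand-ins, not real samples.
"""
import hashlib
import os
import tempfile
from pathlib import Path

TIGERRAT_SHA256 = {
    "f32f6b229913d68daad937cc72a57aa45291a9d623109ed48938815aa7b6005c",
    "0837dd54268c373069fc5c1628c6e3d75eb99c3b3efc94c45b73e2cf9a6f3207",
}


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file so large binaries don't have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root: Path, iocs: set[str]) -> list[tuple[str, str]]:
    """Return (path, sha256) for every regular file under root that matches iocs."""
    wanted = {i.lower() for i in iocs}
    matches = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            # Skip symlinks so the sweep cannot be steered outside the tree.
            if p.is_symlink() or not p.is_file():
                continue
            digest = sha256_file(p)
            if digest in wanted:
                matches.append((str(p), digest))
    return sorted(matches)


def demo() -> list[tuple[str, str]]:
    """Constructed scenario: one benign file plus one 'planted' file whose
    hash is added to the IoC set so that the sweep shows a hit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        (root / "notes.txt").write_bytes(b"meeting notes\n")
        planted = root / "sub" / "svchost.exe"  # assumed name, stand-in content
        planted.write_bytes(b"constructed stand-in for a dropped binary")
        iocs = TIGERRAT_SHA256 | {sha256_file(planted)}
        hits = sweep(root, iocs)
        return [(Path(p).relative_to(root).as_posix(), d) for p, d in hits]


if __name__ == "__main__":
    for rel, digest in demo():
        print(f"IOC hit: {rel} {digest}")
```

For a real sweep call sweep(Path("/"), TIGERRAT_SHA256) or point it at the paths your telemetry implicates; a hash sweep only catches unmodified samples, so pair it with the network indicators from the full post.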

1 day, 16 hours ago @ microsoft.com
Zero Trust in the Age of AI: Join our online event to learn how to strengthen your security posture

This is why a proactive and integrated Zero Trust approach is needed more than ever.

A Zero Trust approach considers all activity as suspect, and relies on three foundational principles: verify explicitly, ensure least privilege access, and assume breach.

Led by Corporate Vice President of Microsoft Security Vasu Jakkal, the online event will include: A keynote exploring why an end-to-end approach centered around a Zero Trust strategy is crucial in addressing future security challenges.

Zero Trust in the age of AI Join us on July 31, 2024, to learn how to simplify your Zero Trust strategy with the latest end-to-end security innovations.

Register now

Simplifying Zero Trust implementation

With t…

2 days, 16 hours ago @ microsoft.com
Connect with Microsoft Security at Black Hat USA 2024

Bill Demirkapi, Security Engineer, Microsoft Security Response Center

Stop by our booth (1240) to connect with Microsoft security experts

At Black Hat 2024, Microsoft Security is here with security leaders and resources that include: Threat researchers and security experts from Microsoft Security, here to connect with the community and share insights.

Partner presence at the Microsoft booth

At the Theater in the Microsoft booth, watch our series of presentations and panels featuring Microsoft Threat Intelligence Center (MSTIC) experts and Microsoft Researchers.

Reserve your spot at the Microsoft Security VIP Mixer

The event will be co-hosted by Ann Johnson, Corporate Vice President and Deputy CI…

1 week, 2 days ago @ microsoft.com
Microsoft Purview Data Governance will be generally available September 1, 2024

We are excited to announce that the new Microsoft Purview Data Governance solution will be generally available beginning September 1, 2024.

In this post, we will highlight the growing challenges facing today’s data landscape and explore how Microsoft Purview Data Governance is helping customers establish a federated data-driven culture.

AI-powered data discovery in Microsoft Purview Data Governance.

The Data Catalog is an enterprise repository to help data stewards (people responsible for data governance) and data owners (people handling day-to-day maintenance of data) curate assets and enable responsible democratization of data.

Try it today

Please log on to the Microsoft Purview portal and…

1 week, 3 days ago @ microsoft.com
Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations platform, now generally available

The Microsoft Entra Suite enables organizations to converge policies across identities, endpoints, and private and public networks with a unified access policy engine.

Our unified security operations platform brings together all the security signals your environment generates, then normalizes, analyzes, and uses them to proactively defend against cyberthreats.

The Microsoft Entra Suite unifies identity and network access security—a novel and necessary approach for Zero Trust security.

In addition, Microsoft Entra skills in Microsoft Copilot for Security help identity professionals respond more quickly to identity risks.

“The biggest benefit of the unified security operations platform has be…

2 weeks, 1 day ago @ microsoft.com
Vulnerabilities in PanelView Plus devices could lead to remote code execution

Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS).

PanelView Plus devices are graphic terminals, also known as human machine interface (HMI) and are used in the industrial space.

These vulnerabilities can significantly impact organizations using the affected devices, as attackers could exploit these vulnerabilities to remotely execute code and disrupt operations.

Limit access to CIP devices to authorized components only.

Defender for IoT raises alerts on unauthorized access to devices using CIP,…

3 weeks, 3 days ago @ microsoft.com
Mitigating Skeleton Key, a new type of generative AI jailbreak technique

In generative AI, jailbreaks, also known as direct prompt injection attacks, are malicious user inputs that attempt to circumvent an AI model’s intended behavior.

Introducing Skeleton Key

This AI jailbreak technique works by using a multi-turn (or multiple step) strategy to cause a model to ignore its guardrails.

Skeleton Key jailbreak technique causes harm in AI systems

This threat is in the jailbreak category, and therefore relies on the attacker already having legitimate access to the AI model.

Output filtering: Azure AI Content Safety post-processing filter that identifies and prevents output generated by the model that breaches safety criteria.

1 month ago @ microsoft.com
Working with a cybersecurity committee of the board

To optimize the relationship, the security team needs to understand how the board and the cybersecurity committee work as well.

The cybersecurity committee will have a mandate, vetted and granted by the board members and likely the chief executive officer (CEO).

Working with the cybersecurity committee and the board will involve communicating to a diverse group whose first expertise may not be information technology.

The reporting of the cybersecurity committee to the board is also confidential.

Get started with committee collaboration

The formation of a cybersecurity committee as part of a company’s board will mean more scrutiny of the IT security function.

1 month ago @ microsoft.com
How to boost your incident response readiness

Related: How the Microsoft Incident Response team helps customers remediate threats (Read the blog)

This blog post, informed by insights from the Microsoft Incident Response team, will guide you through some key considerations of incident response readiness, structured through the people, process, and technology framework.

Many organizations lack the personnel or capability to maintain an in-house incident response team and outsource to services like Microsoft Incident Response.

Driving incident response in your organization

Proactively preparing for incident response is essential given mode…

1 month ago @ microsoft.com
Microsoft Defender Experts for XDR recognized in the latest MITRE Engenuity ATT&CK® Evaluation for Managed Services

Microsoft Defender Experts for XDR demonstrated excellent managed extended detection and response (MXDR) by unifying our human-driven services and Microsoft Defender XDR in the MITRE Engenuity ATT&CK® Evaluations: Managed Services menuPass + ALPHV BlackCat.

: Let our expert analysts manage your Microsoft Defender XDR incident queue and handle triage, investigation, and response on your behalf.

Proactive threat hunting: Extend your team’s threat hunting capabilities and prioritize significant threats with Defender Experts for Hunting built in.

Learn more about Micr…

1 month, 1 week ago @ microsoft.com
Microsoft Incident Response tips for managing a mass password reset

This blog post delves into the processes and technologies involved in managing a mass password reset, in alignment with expert advice from Microsoft Incident Response.

Here are a few of the first questions we ask: When should you perform a mass password reset?


For a more in-depth look at scenarios that may require mass password reset, read our technical post.

Learn moreLearn more about Microsoft Incident Response and Microsoft Entra.

1 month, 2 weeks ago @ microsoft.com
How to achieve cloud-native endpoint management with Microsoft Intune

This is the final blog post in our series highlighting the increasing benefits of becoming fully cloud-native in endpoint management with Microsoft Intune.

In our first post, we talked about why more of our customers are migrating to cloud-native endpoint management.

That means going cloud-native and moving endpoint management to Intune.

It also requires a re-imagining of security, policies, and approaches to endpoint management.

Find the Intune Tech Community, and engage our Intune customer success team on X or their Tech Community page.

1 month, 2 weeks ago @ microsoft.com
AI jailbreaks: What they are and how they can be mitigated

Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human and the AI model(s).

This blog will provide an understanding of what AI jailbreaks are, why generative AI is susceptible to them, and how you can mitigate the risks and harms.

You can learn more about AI jailbreak techniques in our AI red team’s Microsoft Build session, How Microsoft Approaches AI Red Teaming.

Mitigation and protection guidanceTo mitigate the potential of AI jailbreaks, Microsoft takes defense in depth approach when protecting our AI systems, from models hosted on Azure AI to each Copilot solution we offer.

You can also use Azure AI Studio to begin the …

1 month, 3 weeks ago @ microsoft.com
The four stages of creating a trust fabric with identity and network security

In this blog post, we’ll explore how any organization—large or small—can chart its own path toward establishing their own digital trust fabric.

Stage 1: Establish Zero Trust access controls

“Microsoft enabled secure access to data from any device and from any location.

Check your Microsoft Entra recommendations and Identity Secure Score to measure your organization’s identity security posture and plan your next steps.


Learn more about securing access across identity, endpoint, and network to accelerate your organization’s trust fabric implementation on our…

1 month, 3 weeks ago @ microsoft.com
Google Online Security Blog
last post 4 weeks, 1 day ago
Sustaining Digital Certificate Security - Entrust Certificate Distrust

The Chrome Security Team prioritizes the security and privacy of Chrome’s users, and we are unwilling to compromise on these values.

The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.

Apple policies prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.

Website operators can determine if they are affected by this issue by using the Chrome Certificate Viewer.

Beginning in Chrome 127, enterprises can override Chrome Root Store constraints like those described for Entrust in this blog post by installing the …

4 weeks, 1 day ago @ security.googleblog.com
Virtual Escape; Real Reward: Introducing Google’s kvmCTF

To this end we are excited to announce the launch of kvmCTF, a vulnerability reward program (VRP) for the Kernel-based Virtual Machine (KVM) hypervisor first announced in October 2023.

Google is an active contributor to the project and we designed kvmCTF as a collaborative way to help identify & remediate vulnerabilities and further harden this fundamental security boundary.

Similar to kernelCTF, kvmCTF is a vulnerability reward program designed to help identify and address vulnerabilities in the Kernel-based Virtual Machine (KVM) hypervisor.

Finally, given how critical a hypervisor is to overall system security, kvmCTF will reward various levels of vulnerabilities up to and including code …

4 weeks, 1 day ago @ security.googleblog.com
Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge

OSS-Fuzz is free, open source, and its projects and infrastructure are shaped very similarly to AIxCC challenges.

Competitors can easily reuse its existing toolchains, fuzzing engines, and sanitizers on AIxCC projects.

To enable kernel fuzzing, we followed a similar approach to an older blog post from Cloudflare.

Some changes to Cloudflare’s harness were required in order for this to be pluggable with the provided kernel challenges.

AIxCC challenges come with their own main() which takes in a file path.

1 month ago @ security.googleblog.com
Staying Safe with Chrome Extensions

Chrome extensions can boost your browsing, empowering you to do anything from customizing the look of sites to providing personalized advice when you’re planning a vacation.

Just type “run safety check” in Chrome’s address bar and select the corresponding shortcut: “Go to Chrome safety check.”

User flow of removing extensions highlighted by Safety Check.

In 2024, less than 1% of all installs from the Chrome Web Store were found to include malware.

We're proud of this record and yet some bad extensions still get through, which is why we also monitor published extensions.

Monitoring published extensions

The same Chrome team that reviews extensions before they get published also reviews extensio…

1 month ago @ security.googleblog.com
Time to challenge yourself in the 2024 Google CTF

It’s Google CTF time!

Join the Google CTF (at goo.gle/ctf), a thrilling arena to showcase your technical prowess.

The Google CTF consists of a set of computer security puzzles (or challenges) involving reverse-engineering, memory corruption, cryptography, web technologies, and more.

The prize pool for this year’s Google CTF and Hackceler8 stands at more than $32,000.

Sign up for the Google CTF to expand your skill set, meet new friends in the security community, and even watch the pros in action.

1 month, 2 weeks ago @ security.googleblog.com
On Fire Drills and Phishing Tests

In this blog, we will analyze the modern practice of Phishing “Tests” as a cybersecurity control as it relates to industry-standard fire protection practices.

This study with 14,000 participants showed a counterproductive effect of phishing tests, showing that “repeat clickers” will consistently fail tests despite recent interventions.

Some (e.g., FedRAMP) phishing tests require bypassing existing anti-phishing defenses.

At larger enterprises with multiple independent products, people can end up with numerous overlapping required phishing tests, causing repeated burdens.

In short, we need to stop doing phishing tests and start doing phishing fire drills.

2 months ago @ security.googleblog.com
I/O 2024: What’s new in Android security and privacy

And as their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe.

Google Play Protect live threat detection: Google Play Protect now scans 200 billion Android apps daily, helping keep more than 3 billion users safe from malware.

The detection of suspicious behavior is done on device in a privacy-preserving way through Private Compute Core, which allows us to protect users without collecting data.

This is helpful for apps that want to hide sensitive information from other apps and protect users from scams.

2 months, 1 week ago @ security.googleblog.com
Google and Apple deliver support for unwanted tracking alerts in Android and iOS

Google and Apple have worked together to create an industry specification – Detecting Unwanted Location Trackers – for Bluetooth tracking devices that makes it possible to alert users across both Android and iOS if such a device is unknowingly being used to track them.

This will help mitigate the misuse of devices designed to help keep track of belongings.

Google is now launching this capability on Android 6.0+ devices, and today Apple is implementing this capability in iOS 17.5.

If a user gets such an alert on their Android device, it means that someone else’s AirTag, Find My Device network-compatible tracker tag, or other industry specification-compatible Bluetooth tracker is moving with …

2 months, 2 weeks ago @ security.googleblog.com
Your Google Account allows you to create passkeys on your phone, computer and security keys

Passkeys and security keys: Passkeys are an evolution of security keys, meaning users get the same security benefits, but with a much simplified experience.

By storing the passkey on a security key, users can ensure that passkeys are only available when the security key is plugged into their device, creating a stronger security posture.

Security keys provide an alternate way to use your passkeys across your devices: by bringing your security keys with you.

This replaces your remotely stored password with the PIN you used to unlock your security key, which improves user security.

However, users are still required to present two security keys when enrolling into the program.

2 months, 3 weeks ago @ security.googleblog.com
Detecting browser data theft using Windows Event Logs

Background: Chromium-based browsers on Windows use the DPAPI (Data Protection API) to secure local secrets such as cookies, passwords, etc.

This event was added to the Microsoft-Windows-Crypto-DPAPI stream which manifests in the Event Log in the Applications and Services Logs > Microsoft > Windows > Crypto-DPAPI part of the Event Viewer tree.

Here is the Chrome browser launching from explorer: 4688 2 0 13312 0 0x8020000000000000 78258343 Security WIN-GG82ULGC9GO.contoso.local S-1-5-18 WIN-GG82ULGC9GO$ CONTOSO 0xe8c85cc 0x17eac C:\Program Files\Google\Chrome\Application\chrome.exe %%1938 0x16d8 "C:\Program Files\Google\Chrome\Application\chrome.exe" S-1-0-0 - - 0x0 C:\Windows\explorer.exe…

2 months, 3 weeks ago @ security.googleblog.com
How we fought bad apps and bad actors in 2023

A safe and trusted Google Play experience is our top priority.

The Alliance will support industry-wide adoption of app security best practices and guidelines, as well as countermeasures against emerging security risks.

This new capability has already detected over 5 million new, malicious off-Play apps, which helps protect Android users worldwide.

Looking ahead: Protecting users and developers on Google Play is paramount and ever-evolving.

We're launching new security initiatives in 2024, including removing apps from Play that are not transparent about their privacy practices.

2 months, 4 weeks ago @ security.googleblog.com
Accelerating incident response using generative AI

Using generative AI, we could write summaries 51% faster while also improving their quality.

Our incident response approach: When suspecting a potential data incident, for example, we follow a rigorous process to manage it.

Closure: After the remediation efforts conclude and the data incident is resolved, we review the incident and response to identify key areas for improvement.

Continuous improvement: This is crucial for the development and maintenance of incident response programs.

This experiment showed that generative AI can evolve beyond high-level summarization and help draft complex communications.

3 months ago @ security.googleblog.com
Uncovering potential threats to your web application by leveraging security reports

In this blog post, we'll share how the Google security team uses the Reporting API to detect potential issues and identify the actual problems causing them.

Note that in a typical rollout, we iterate steps 1 through 3 to ensure that we have triaged all violation reports.

With the Reporting API, we have the ability to run this cycle using a unified reporting endpoint and a single schema for several security features.

Most reports generated via the Reporting API are violation reports, but not all — other types include deprecation reports and crash reports.

Over the years, Google has developed a number of techniques to collect, digest, and summarize violation reports into root causes.

3 months ago @ security.googleblog.com
Prevent Generative AI Data Leaks with Chrome Enterprise DLP

Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks.

In this blog post, we'll explore reporting and enforcement policies that enterprise security teams can implement within Chrome Enterprise Premium for data loss prevention (DLP).

Chrome Enterprise DLP rules give IT admins granular control over browser activities, such as entering financial information in Gen AI websites.

As enterprises work through their policies and processes involving GenAI, Chrome Enterprise Premium empowers them to strike the balance that works best.

Learn more about how Chrome Enterprise can secure businesses just like yours here.

3 months, 1 week ago @ security.googleblog.com
How we built the new Find My Device network with user security and privacy in mind

How location crowdsourcing works on the Find My Device network: The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices.

Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag.

With end-to-end encrypted location data, Google cannot decrypt, see, or otherwise use the location data.

The Find My Device network is also compliant with the integration version of the joint industry standard for unwanted tracking.

We have an unwavering commitment to continue to improve user protections on Find My Device and prioritize user safety.

3 months, 2 weeks ago @ security.googleblog.com