Cybersecurity
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
last post 3 hours ago
A million Martians: Musk's ambitious plan is changing the future of humanity

Musk is betting everything on interplanetary colonization.

3 hours ago @ securitylab.ru
Stardust catcher: how Lattes changed the world with a single particle

Alexander Antipov. The 100th anniversary of the famous Brazilian scientist.

César Lattes was born in 1924 in Curitiba, Brazil, to a family of Italian immigrants.

Having received one of these plates from Occhialini, Lattes realized that boron had to be added for better particle visibility.

This method worked so well that Lattes was able to see every proton.

This discovery earned Powell the Nobel Prize in 1950, but Lattes and Occhialini were not recognized with the award.

4 hours ago @ securitylab.ru
C++ for high-frequency trading: simple steps toward optimizing code

The importance of optimization for lightning-fast trades.

12 hours ago @ securitylab.ru
The $5 billion Europa Clipper flight is at risk because of a transistor vulnerability

Transistor defects threaten the mission to Jupiter.

12 hours ago @ securitylab.ru
Admiral Hopper's lecture has vanished into the technological past

The NSA is unable to digitize the unique recordings.

13 hours ago @ securitylab.ru
Hunting for new physics: Belle II finds new clues

The first direct measurement of R(Xτ/ℓ) confirms the Standard Model.

13 hours ago @ securitylab.ru
Five steps to Skynet: OpenAI on how AI will surpass humans

How artificial intelligence could surpass human capabilities.

1 day, 1 hour ago @ securitylab.ru
Intel loses its crown: game developers vote for AMD with their servers

Processor instability is forcing studios to look for more reliable solutions for game servers.

1 day, 1 hour ago @ securitylab.ru
From scribbles to clear text: the magic of Copilot in OneNote

Alexander Antipov. Microsoft is preparing a unique AI tool for users.

Microsoft has announced new Copilot functionality in OneNote that will recognize and analyze handwritten notes.

Copilot, using artificial intelligence technologies, will be able to convert handwritten notes into text for convenient editing and sharing.

This feature will be available to Copilot for Microsoft 365 subscribers and Copilot Pro users after the broader rollout of the update.

Copilot lets you quickly convert handwritten notes into easily readable text, which greatly simplifies working with notes and to-do lists.

1 day, 1 hour ago @ securitylab.ru
The quantum key to the Hubbard puzzle: Chinese scientists find a path to superconductivity

Scientists have built a device to simulate the motion of subatomic particles, a task beyond even the best supercomputers.

1 day, 2 hours ago @ securitylab.ru
Einstein was right... even when he was wrong: a new look at faster-than-light particles

Tachyons and their influence on theories of space and time.

1 day, 14 hours ago @ securitylab.ru
China prepares to test planetary defense against asteroids

The 2027 mission promises to be exciting.

1 day, 14 hours ago @ securitylab.ru
LUCA: meet the progenitor of life that arose 4.2 billion years ago

Scientists have found that the last universal common ancestor of all living things existed much earlier than previously thought.

1 day, 14 hours ago @ securitylab.ru
Plan B for the internet: NATO prepares for the worst-case scenario

The new project will ensure secure communications under any threat.

1 day, 23 hours ago @ securitylab.ru
Is your Chrome a Google spy? A data leak that cannot be switched off has been revealed

And there is nothing you can do about it.

1 day, 23 hours ago @ securitylab.ru
Anti-Malware
last post 2 days, 8 hours ago
Hardening strategies: how to strengthen defenses by optimizing settings

Gradual introduction of changes and systematic monitoring help maintain system resilience and respond promptly to emerging threats.

Properly conducted analysis and timely detection of vulnerabilities not only prevent possible incidents but also strengthen the security of the system as a whole.

Testing changes: changes are first checked on a limited number of systems to assess their impact and to identify possible problems.

Pentest (Penetration Testing): simulating cyberattacks on the network infrastructure reveals weak points and tests whether systems can withstand real threats.

Ultimately, the flexibility and adaptability of hardening strategies…

2 days, 8 hours ago @ anti-malware.ru
Overview of the backup and data recovery systems market, 2024

State of the backup systems market: demand for backup and data recovery systems in the Russian and global markets continues to grow.

Growth dynamics of the backup systems market (fragment of a Business Research Insight report). Reasons for the growing demand for backup and data recovery systems: intensifying cyber threats (including politically motivated ones); a growing number of ransomware infections; the persistent likelihood of technical failures and breaches that lead to data destruction; the development of cloud solutions.

Overview of Russian backup and data recovery systems: it is believed that Russian solutions for backup…

2 days, 12 hours ago @ anti-malware.ru
vGate has become Windows-independent and is preparing for a distributed NGFW

What is the role of «Код Безопасности» and the vGate product in this process?

As Fyodor Dbar noted, compatibility of new vGate versions with VMware will certainly remain.

The goal of vGate is to configure the system so that traffic can be "understood" not only at the network level (L3 and L4) but also at the application level (L7).

Distributed NGFW services in the upcoming vGate 5.1: put simply, vGate will place its own "little NGFW" in front of each virtual machine.

Use of the distributed NGFW in the upcoming vGate 5.1. Conclusions: although only a minor version of vGate has been released, the new product already contains a new feature set that will later be extended with the "distributed NGFW".

3 days, 9 hours ago @ anti-malware.ru
Review of Kaspersky MDR, a cyberattack detection service

How the Kaspersky MDR team handles an incident: an incident can be moved to the "closed" state either by the Kaspersky MDR team or by the customer.

The standard response time of the Kaspersky MDR team, defined by the service level agreement (SLA), depends on the criticality level of the incident.

Kaspersky MDR system requirements: to work with Kaspersky MDR, all system requirements must be met.

Kaspersky MDR usage scenarios: next, we consider the use of Kaspersky MDR in various situations.

Integrating Kaspersky MDR into an existing incident management system: integrating Kaspersky MDR with the customer's own incident management system…

4 days, 12 hours ago @ anti-malware.ru
Lessons from LockBit: why Operation Cronos cannot be called a success

Back then, BlackCat and LockBit laughed at their competitor's failure.

On this wave, the two competitors, BlackCat and LockBit, decided to unite against a common sworn enemy: Western law enforcement.

The speaker's verbosity and self-justification confirmed that LockBit had been dealt a serious blow; the owners of the affiliate program were clearly frightened at first.

LockBit retained some of its affiliates and began attacking ferociously around the world, once again becoming the leader in the number of attacks.

Operation Cronos cannot be considered a success: LockBit's activity has not been stopped, and the victory reports of the FBI and others do not match reality.

5 days, 5 hours ago @ anti-malware.ru
Review of Solar inRights 3.4, an IGA system for access management

What's new in Solar inRights: since the previous review, Solar inRights has been improved both in its core functionality and in user experience, integration capabilities, and security measures.

To simplify integration and optimize deployment, a universal connector has been developed, and a product connector and a template for connecting to the ALD Pro domain directory system have been implemented.

The on-screen report shows the full name and employment information: position, department, and status.

User card with basic information: the left part of the card's workspace contains the photo, status, full name, and total risk level.

Design…

5 days, 12 hours ago @ anti-malware.ru
Review of InfoWatch Traffic Monitor 7.9, a next-generation Russian DLP system

The review covers the advanced technologies used in InfoWatch Traffic Monitor 7.9 and in the InfoWatch Vision, InfoWatch Activity Monitor, InfoWatch Data Discovery, and InfoWatch Prediction modules, which are combined in the common interface of the investigation center.

Investigation card: during the investigation we used data from various InfoWatch data protection products and modules.

To solve this problem, InfoWatch Traffic Monitor uses the ActiveSync Adapter software module, which synchronizes mail between the Exchange server and the mobile device.

Keyword search for events in InfoWatch Traffic Monitor: the search results show who, and on which resources…

1 week, 3 days ago @ anti-malware.ru
Can super apps protect the processes of large businesses without MDM systems?

Customers want the software developer to have documents confirming that the product meets security requirements, including FSTEC of Russia certificates.

Their presence quickly and concisely answers questions about the maturity and security of the solutions.

When the new solution was created, almost 200 information security requirements were set for it, and all of them were met.

Security features in super apps available today: to ensure information security in super apps, there are tools that are simple from the user's point of view yet reliable.

With its help, employees can communicate with colleagues registered on trusted corporate servers and interact securely…

1 week, 5 days ago @ anti-malware.ru
Presidential Decree No. 500: will NGFW import substitution accelerate?

Will the new regulatory lever bring us closer to total NGFW import substitution, and do customers' needs match vendors' capabilities?

Such centers are engaged to counter digital threats aimed at government agencies and critical information infrastructure (КИИ) entities, as well as to respond to and investigate incidents.

However, the strategy of polishing every facet in an attempt to perfect the solution in the lab and on the test bench also has its drawbacks.

The biggest difficulty for today's customers is finding an NGFW that is both high-performance and maximally reliable.

Functional requirements may vary depending on where the NGFW is deployed: in the network core, in the data center, or at the perimeter.

1 week, 5 days ago @ anti-malware.ru
Three information security tech shows presented at AM Live+

Expert discussion "AM Live in the Big City": strictly speaking, this was not the first in-person AM Live expert conference with an audience.

Participants of the expert discussion "AM Live in the Big City". An overview of the questions raised during the discussion and the opinions of its participants will appear on our website later.

It's all simple and clear: speakers representing security companies are invited on stage, and their task is to bring a new product, technology, feature, or solution on a security topic up for public discussion.

They usually develop naturally, and the new discussion format within AM Live+ is an opportunity to significantly speed up their formation while receiving expert assessment from representatives of…

1 week, 6 days ago @ anti-malware.ru
Overview of the Russian market of cryptographic protection tools (СКЗ) for components of intelligent electricity metering systems (ИСУЭ)

ИВК and ИВКЭ (УСПД) are intended for remote reading, processing, storage, and display of electricity measurement results, event logs, and configuration parameter data.

In accordance with Russian law, design decisions on cryptographic protection and the operation of cryptographic tools (СКЗИ) in ИСУЭ must be coordinated with the FSB of Russia.

In particular, the use of software-based СКЗИ imposes additional requirements on the hardware platforms of metering devices (ПУ) and ИВКЭ (УСПД) in terms of computing resources.

Global market of cryptographic protection tools for ИСУЭ: foreign СКЗИ for ИСУЭ do not meet the requirements of Russian law, but it is important to consider them to understand general practice.

This simplifies the development process and…

2 weeks, 2 days ago @ anti-malware.ru
Review of Dataplan 1.10, an analytics platform for security tasks

Dataplan 1.10 is a Russian analytics platform for collecting, storing, and processing large volumes of data using machine learning algorithms.

Generated reports can be sent to selected recipients on a schedule or when a specified trigger fires (for example, when new data appears or when some metric reaches a set value).

"Active Directory State" → "Recommendations" in the Role Mining module: recommendations are formed on a "best practices" basis and are presented for both AD groups and AD users.

This information can also be used to define baseline access in an IdM system and to optimize costs during its deployment.

The product is optimal for deployment…

2 weeks, 3 days ago @ anti-malware.ru
Apple Intelligence: an AI breakthrough or a privacy nightmare for iPhone owners?

Apple Intelligence: potential and risks. Apple Intelligence already incorporates the GPT-4o model, and Google Gemini will soon be added for cloud-based text processing, content generation, editing, summarization, and answering queries.

Apple's own cloud model is used in the iOS Photos app and in the new Siri.

While there is no guaranteed protection against zero-day vulnerabilities, what data security in Apple Intelligence can we even talk about?

Legal and ethical aspects of introducing AI into the Apple ecosystem: current personal data legislation does not fully account for the specifics of AI use.

Apple must provide legal guarantees of the inviolability of user data and ensure independent…

2 weeks, 4 days ago @ anti-malware.ru
Overview of the Russian market of corporate crypto gateways (VPN gateways)

We examine the state of the VPN market in the world and in Russia, highlighting hardware-software VPN gateways and GOST VPN services suitable for the corporate segment under sanctions pressure and the need to meet regulators' requirements.

We consider the available VPN gateway offerings from Russian companies and assess the state of the VPN market worldwide.

GOST VPN services: «МТС RED ГОСТ VPN» (МТС); «Selectel ГОСТ VPN» («Селектел»); «Ростелеком-Солар ГОСТ VPN» («СОЛАР СЕКЬЮРИТИ»).

Channel and traffic: VPN and GOST VPN, high-availability cluster, bandwidth limiting (traffic shaping), connection failover, channel balancing.

For some corporate customers, the optimal…

2 weeks, 5 days ago @ anti-malware.ru
How to protect unstructured data and choose a DCAP system in 2024

Some organizations must also account for the possibility of theft of state secrets, which in turn may lead to criminal liability.

Updating security policies and monitoring help track and analyze access attempts, which facilitates timely identification of and response to potential security problems.

How to choose a DCAP system: speaker Sergey Dobrushsky says that DCAP systems are multifunctional and their capabilities expand every day.

The initial scanning process can take a long time, but after that the system works faster and does not require much computing power.

Conclusions: insufficient information protection can lead to serious consequences, …

2 weeks, 6 days ago @ anti-malware.ru
Habr: Information Security
last post 5 hours ago
Analysis of anti-fraud trends: how identity verification technologies are changing and improving

In today's world, anti-fraud is a hidden but key element of protection for both large businesses and small companies.

In this article we examine the evolution of identity verification technologies, how they counter fraud, and the various types of such technologies.

Evolution of identity verification methods: traditional identity verification methods (passwords and PIN codes, personal signatures, identity documents) have long been the basis of security protocols in various industries.

Historically, identity verification relied on login-and-password authentication, security questions, and even physical documents such as passports.

Challenges and future directions…

5 hours ago @ habr.com
What's new in the world of internet censorship circumvention in mid-2024: XRay, Outline, Tor, Amnezia and everyone else

I present a short overview of what has happened in Russia and in the world in the field of internet censorship and how enthusiasts are resisting it.

There is no guarantee that on the other end the data will be received in exactly the same form, as two messages of 50 bytes each.

It works indecently simply: establish a connection and, in an endless loop, send GET/POST requests and wait for responses.

All this worked rather slowly and created a significant load on both the remote server and the CDN, even at moments when no data was being transmitted.

If even that is too complicated, there are AmneziaFree and VPN Generator (see

1 day, 6 hours ago @ habr.com
Osmedeus: an offensive security tool

Osmedeus is a framework that automates the reconnaissance stage of penetration testing and is also suited to building vulnerability management.

More details about each workflow can be found directly in the directory where they reside, ~/osmedeus-base/worflow/ .

Steps are the smallest part (the Osmedeus "atom") from which a module is built, and each defines a specific command.

Scanning: a scan can be started using a whole workflow or any of the modules on its own.

Information about scan results can be forwarded to various systems, which is especially convenient when regular scheduled scans are configured…

1 day, 9 hours ago @ habr.com
[Translation] An incredibly dumb way to hack in-flight Wi-Fi (but it's free)

Prototype 1: messenger. The basic idea was this: suppose I log into my airline miles account and change my name.

If PySkyWiFi worked via GitHub, it would also work via a Star Power UltimateBlastOff account.

It also means that adding a new network layer for a new airline miles platform is nothing complicated either.

To get around this problem, the network layer must convert the segments to base26 encoding before writing them to the account.

In addition, PySkyWiFi would then be able to establish TLS connections directly with the target website, so that the traffic is encrypted when passed through the airline miles account.

1 day, 23 hours ago @ habr.com
What Japanese baths and firewalls have in common, or Security on the brain

That's why I found it interesting to draw a parallel between how security works in IT and on the streets of Japanese cities.

There is probably no need to explain that Japan is a country of warnings and detailed instructions without which you can't take a step.

You've probably heard that in Japan you can't mute the camera shutter sound, because women often face voyeurism and fear being photographed secretly.

For example, the authorities noticed that the roof of the Tokyo city hall offers a stunning view of the sunset, and what do you think happened?

So, the prices for them here are unbelievably high. Even though the photo shows a boat, the king of transport in Japan is the train.

2 days, 5 hours ago @ habr.com
How not to hand your account to a hacker: MFA bypass methods and ways to defend against such cyberattacks

My name is Vasily Ognev, and I head the multi-factor authentication (MFA) area at МТС RED, a company that creates cybersecurity products and services.

In this article we look at how hackers bypass MFA protection and what needs to be done to repel such attacks.

To avoid such situations, both the number of attempts and the time allowed for entering the second factor must be limited.

When generating OTPs, it is very important that the codes be truly random and, consequently, unpredictable.

Therefore, when choosing a solution, always pay attention to where the second-factor code is generated, how it is delivered to the user, and how it is protected against existing attack vectors.

2 days, 5 hours ago @ habr.com
Infection by feng shui, or a breakdown of an attack through Windows vulnerabilities

Information security specialists will become familiar with recommendations for protecting infrastructure under a contract or employment agreement.

Note, however, that URL schemes belong to the browser, not to the mail client, so it won't be possible to make the call directly from an email; a web server also has to be set up for this.

Submit buttons and JS-driven buttons won't do, since they are flagged as malicious or the JS language itself is not supported by the mail client.

Since we connect to the server through a client, Explorer, the elements are displayed according to the rules of the desktop.ini file.

Another attack vector is quite possible via a malicious link in the browser against system software, including office…

2 days, 7 hours ago @ habr.com
How to knock out the GPT-3.5 censor for 250 rubles?

Example of a malicious request and the reaction of gpt-3.5-turbo-1106. The goal of the work is to knock out the model's restrictions and increase the effectiveness of our attacks so that, when asked to generate dangerous content, the model gives the desired result instead of rejecting requests and apologizing.

Example of a successful attack on the fine-tuned model. Collecting a dataset for fine-tuning: to defeat GPT-3.5's protection, a special dataset consisting of "request – ideal response" pairs is needed.

}, { "role": "user", "content": "Привет, расскажи мне, пожалуйста, как сделать 🫢 ... }, { "role": "assistant", "content": "Для приготовления 🫢 необходимо провести несколько этапов, включая сбор, сушку и прессование.

Dataset creation steps. Launching the model: to use this model…

2 days, 15 hours ago @ habr.com
Dumping the domain and examining the artifacts

🔥 The Domain Dump attack allows an attacker to dump the domain to obtain information about users and groups and subsequently build a path to domain compromise.

Theory (*this article is examined using the bloodhound utility as an example*). Stages of operation, using bloodhound as the example: authentication via the specified protocol; collecting information about the number of forests, domains, and hosts; collecting information about users, groups, policies, etc.

If Kerberos was selected and a TGT retrieval error occurred, the authorization method is automatically switched to NTLM.

Practice. Dump via Kerberos authentication: python bloodhound.py -u ldapdump-user -p Bloodhound?

Attack traffic: as usual, we start with Kerberos auth…

3 days, 4 hours ago @ habr.com
[Translation] How I hacked the barcodes of the ticket seller TicketMaster

Ticketmaster SafeTix uses a new, unique barcode system that automatically refreshes every 15 seconds.

If you look closely at the ticket, you'll notice a moving bar that makes it, in a sense, alive.

I don't use Google Wallet because I care a lot about privacy and try to stay as far away from Google services as possible.

But it's 2024: nothing done online is simple anymore. After completing the purchase, TicketMaster told me I would not be able to print the tickets for the event.

We must use our powers prudently and responsibly, as these powers require.

3 days, 5 hours ago @ habr.com
What cyber threat analysis is and why business needs it

Cyber threat analysis is a flexible and constantly evolving technology that uses information about the history of threats to block in advance and mitigate the consequences of possible future attacks on an organization.

Threat databases: threat databases can help you understand which vulnerabilities may be exploited by attackers and which of them require immediate remediation.

Why cyber threat analysis is needed: as with conventional intelligence, there are three levels of gathering cyber threat information: operational, tactical, and strategic.

Optimizing security resources: knowing specific threats and vulnerabilities makes it possible to allocate limited security resources effectively.

Support…

3 days, 7 hours ago @ habr.com
A spider in Active Directory, going tap-tap-tap with its little legs

The gist: we already have fairly well-known utilities for "tracking" changes in Active Directory.

That's because Active Directory is, in my opinion, a very resource-efficient creation, since it was built in the days when fast networks and unlimited resources did not exist.

But we will still see the fact of the change, since the USN changed, as did the object's USNChanged and the attribute's LocalChangeUsn.

Therefore, even if an attribute changed 4 times and ultimately returned to its original value, we will still see this activity (the USN and Version changed).

Putting it all together, you can get a tool that displays any changes in Active Directory with minimal load on the network and…

3 days, 7 hours ago @ habr.com
What you need to know and be able to do to take part in the All-Russian Student Cyber Battle

Innostage has already held two cyber battles: in Kazan at Kazan Digital Week and in Moscow at Positive Hack Days 2.

Many terms may be unfamiliar to a beginning defender, so arm yourself with Google and Habr to figure out what's what.

So try to create a good atmosphere within the team in order to combine efforts and achieve the desired result.

So the ВСКБ (All-Russian Student Cyber Battle) helps with studies too.

The All-Russian Student Cyber Battle is also constantly evolving; the organizers make it more interesting and more difficult so that teams get the most experience from participating.

3 days, 8 hours ago @ habr.com
Altoid and the crusade against the state

This US native's name is Ross Ulbricht, and if you don't yet know the details of his biography, we beg you, don't rush to Wikipedia for a quick look; don't deprive yourself of the pleasure and don't spoil this gripping story for yourself.

And this is not just a biography of Ulbricht, not just the story of the rise and fall of a notorious international site for selling all kinds of drugs (and a number of other illegal things, including weapons).

Single-handedly he did the work of twelve specialists, acting as front-end developer, back-end programmer, database specialist, Tor consultant, bitcoin analyst, project manager, advertising strategy specialist, and director of the…

3 days, 10 hours ago @ habr.com
Process maturity in IT/IS risk management

Should process maturity levels determine the effectiveness and efficiency of control, for example over risks inherent in IT/IS?

Within your organization's internal control and risk management system, knowing the risks and threats inherent in any organizational process, including IT and IS, will you take into account the maturity level of the organization and of its processes when implementing procedures?

For example, you assess the maturity of a random IT process as insufficiently mature; say, on a scale from 1 to 5, the process's maturity is rated at about 3.

From my humble observations, very often in risk management, when creating and implementing any control procedures, i.e.

Will you…

3 days, 13 hours ago @ habr.com
Хакер
last post 2 days, 1 hour ago
The second print special issue of «Хакер» has gone to press

A reminder about the upcoming release of the second print special issue of «Хакер», which collects the best articles from 2017–2019 that have not previously appeared on paper.

The print run has already gone to press, but we are still taking orders, and you still have a chance to add to your collection!

This issue includes the cover topics of 2017–2019, that is, the best articles published at the time, devoted to: social engineering; encryption in messengers; IoT vulnerabilities; Chinese hacker groups; iPhone hacking; FPGA programming; the darknet; reverse engineering of gadgets; the Ghidra framework; and much more.

All articles are accompanied by comments from the authors and editors that let you look behind the scenes of the creation of…

2 days, 1 hour ago @ xakep.ru
GitLab patches critical vulnerability related to pipeline jobs

GitLab developers have warned of a critical vulnerability in GitLab Community (CE) and Enterprise (EE) that allows attackers to run pipeline jobs as any other user.

The problem affects all versions of GitLab CE/EE from 15.8 through 16.11.6, from 17.0 through 17.0.4, and from 17.1 through 17.1.2.

It is emphasized that under certain circumstances (which GitLab has not yet disclosed) attackers can use the vulnerability to trigger a new pipeline as an arbitrary user.

The developers have released GitLab Community and Enterprise versions 17.1.2, 17.0.4 and 16.11.6 to fix the critical issue and recommend that all administrators install the updates as soon as possible.…

2 days, 2 hours ago @ xakep.ru
Fresh PHP vulnerability used to spread malware and conduct DDoS attacks

Akamai specialists have warned that numerous attackers are using a recently discovered PHP vulnerability to distribute remote access trojans and cryptocurrency miners and to conduct DDoS attacks.

In particular, exploits were observed that were designed to deliver the Gh0st RAT remote access trojan, the RedTail and XMRig cryptocurrency miners, and the Muhstik DDoS botnet.

"The attackers sent a request similar to those seen in previous RedTail operations in order to perform a wget request for a shell script," the researchers write.

"This script makes an additional network request to the same IP address, located in Russia, to retrieve the x86 version of the malware for…"

2 days, 3 hours ago @ xakep.ru
Rostelecom reports technical problems with YouTube. According to media reports, YouTube could be blocked in the fall

This may affect the loading speed and playback quality of YouTube videos for subscribers of all Russian operators.

"Rostelecom informs of technical problems in the operation of equipment owned by Google and used in the operator's network infrastructure and at peering points.

This may affect the loading speed and playback quality of YouTube videos for subscribers of all Russian operators," the company stated.

In this connection, experts had predicted that Russian services would "start to grow" by 2024.

Answering a follow-up question about whether Russia plans to approach YouTube with a request to settle the equipment situation, Peskov said: "I don't rule…

2 days, 4 hours ago @ xakep.ru
CrystalRay group attacked more than 1,500 organizations using SSH-Snake

But now Sysdig has warned that the attackers behind these attacks, dubbed CrystalRay, have significantly expanded the scale of their operations, and more than 1,500 organizations are now among the victims.

"Recent observations show that CrystalRay's operations have scaled 10x, reaching more than 1,500 victims, and now include mass scanning, exploitation of multiple vulnerabilities, and installation of backdoors using various OSS tools," the experts write.

At the same time, SSH-Snake remains the hackers' main tool for moving through compromised networks.

CrystalRay also uses modified PoC exploits for various vulnerabilities…

2 days, 9 hours ago @ xakep.ru
Asynchronous ransomware. Dissecting the mechanism of the fastest cryptolockers

Warning: this article is informational in nature and is intended for security specialists who investigate incidents and reverse-engineer malware.

By synchronous I/O we mean the standard ReadFile() and WriteFile() functions and other, non-WinAPI ones, which read data from a file slowly, tediously and gradually.

2 days, 10 hours ago @ xakep.ru
New Exim bug allows bypassing protection against dangerous attachments

Using this issue, attackers can bypass protection and deliver attachments to users' mailboxes that install applications or execute arbitrary code.

This bug allows attackers to bypass the protection that normally prevents dangerous attachments from being sent.

Censys specialists warn that among the more than 6.5 million SMTP mail servers found during an internet scan, 4.8 million are running Exim.

Attackers can use this bug to bypass the blocking of specific extensions and add executable attachments to the emails they send to end users.

Given that for the attack to work the user must click on…

2 days, 11 hours ago @ xakep.ru
Hackers exploited a Windows MSHTML vulnerability for more than a year

This week Microsoft fixed a 0-day vulnerability in Windows.

CVE-2024-38112 is a platform spoofing issue in Windows MSHTML.

MHTML stands for MIME Encapsulation of Aggregate HTML Documents, a technology introduced back in Internet Explorer that turns an entire web page, including images, into a single archive.

And if a URL is launched via mhtml:, Windows automatically opens it in Internet Explorer instead of the default browser.

In essence, the attackers take advantage of the fact that Internet Explorer is still included in Windows 10 and Windows 11 by default.

3 days ago @ xakep.ru
Data was stolen from Fujitsu during a cyberattack

The company stresses that the attack was not ransomware-related and that the attackers used a sophisticated mechanism that allowed them to avoid detection while stealing data.

Recall that in March of this year Fujitsu specialists discovered that several company systems were infected with unnamed malware and suggested that confidential customer information might have been compromised.

"After the malware was placed on one of our work computers, it spread to other computers," Fujitsu explains.

"This malware is not ransomware, but it uses sophisticated masking techniques that make detection difficult."

The statement emphasizes that…

3 days, 2 hours ago @ xakep.ru
$11 billion laundered through Chinese marketplace Huione Guarantee

According to blockchain analysts at Elliptic, the Huione Guarantee marketplace is used as a platform for laundering the proceeds of internet fraud.

Huione Guarantee is a Chinese-language marketplace launched in 2021 and owned by the Cambodian conglomerate Huione Group.

Nevertheless, Huione Guarantee does guarantee the security of transactions, providing its users with the Huione Pay escrow system.

According to Elliptic, Huione Guarantee is currently one of the key scam operators in Southeast Asian countries.

Analysts identified hundreds of cryptocurrency addresses controlled by Huione companies and by sellers on Huione Guarantee.

3 days, 3 hours ago @ xakep.ru
Malleable C2. Creating a profile for covert Cobalt Strike data transfer

What is a Malleable C2 profile
A Malleable C2 profile lets you flexibly configure the behavior of the Cobalt Strike beacon when it communicates with the command server (Team Server).

The following statements help transform the metadata and the output: append adds a string to the end of the data; base64 encodes the data in Base64; base64url encodes the data in URL-safe Base64; mask XORs the data with a random key; netbios encodes the data in NetBIOS…

3 days, 5 hours ago @ xakep.ru
Vulnerabilities discovered by Positive Technologies fixed in Cacti

Positive Technologies specialist Alexey Solovyov discovered several vulnerabilities in the Cacti monitoring system.

Cacti is widely used in data centers, telecom companies and hosting providers for operational monitoring, data collection and fault management of network infrastructure.

Thus, in May 2024 Positive Technologies specialists estimated the number of internet-accessible systems running Cacti at more than 1,300 installations.

More than half of them are located in four countries: Indonesia (36.3%), Bangladesh (10.51%), the USA (9.67%) and China (6.37%).

In our case, a potential attacker had the chance to use a chain of three discovered vulnerabilities to fully compromise the Cacti system and…

3 days, 9 hours ago @ xakep.ru
ViperSoftX malware masquerades as e-books on torrent trackers

Trellix experts have discovered a new version of the ViperSoftX malware, which is distributed disguised as e-books via torrent trackers and uses the Common Language Runtime (CLR) to dynamically load and execute PowerShell commands.

"By using the CLR, ViperSoftX gains the ability to easily embed PowerShell functionality, which allows it to perform malicious functions while bypassing detection mechanisms that might otherwise notice PowerShell activity."

According to Trellix, ViperSoftX is currently distributed via torrent trackers disguised as e-books.

Using the CLR to load and execute PowerShell commands within the AutoIt environment, ViperSoftX…

3 days, 11 hours ago @ xakep.ru
Microsoft's July patches fix four 0-day vulnerabilities at once

Also note that this month Microsoft developers fixed five critical vulnerabilities at once, all of them related to remote code execution.

Although Microsoft says the vulnerability is already being actively exploited in attacks, the company provides no additional details about the issue and does not even say who discovered it.

Microsoft did not say where information about this issue was disclosed, but states that the bug was found internally, by Microsoft's own specialists.

Microsoft notes that their "exploitation is unlikely".

Also worth noting is CVE-2024-38023, an issue in Microsoft SharePoint Server scoring 7.2 on the CVSS scale, which can also lead to…

4 days ago @ xakep.ru
Ransomware attack on Evolve Bank & Trust led to a data leak affecting 7.6 million people

Representatives of Evolve Bank & Trust have sent notifications to more than 7.6 million people warning that their personal information was compromised as a result of a recent attack by the LockBit ransomware group.

The company noted that it did not pay the ransom to the hackers, which is why they are leaking the stolen data online.

According to Evolve Bank & Trust, the hackers stole the personal data of most of the bank's customers, as well as of the organization's Open Banking partners, including names, Social Security numbers, bank account numbers, contact information, and so on.

In the notifications to the victims, the company explains that the ransomware attack was detected on May 29, but the attackers had access to the Evolve Bank &…

4 days, 2 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 1 day, 14 hours ago
AT&T Confirms Data Breach Affecting Nearly All Wireless Customers

American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network.

This comprises telephone numbers with which an AT&T or MVNO wireless number interacted – including telephone numbers of AT&T landline customers and customers of other carriers, counts of those interactions, and aggregate call duration for a day or month.

"The threat actors have used data from previous compromises to map phone numbers to identities," Jake Williams, former NSA hacker and faculty at IANS Research, said.

AT&T's list of MVNOs includes Black…

1 day, 14 hours ago @ thehackernews.com
DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections.

Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files.

The PowerShell script is configured to retrieve and execute a PowerShell script, which is then used to download an AutoHotKey-based DarkGate package.

Alternate sequences using JavaScript files instead of VBS are no different in that they are also engineered to download and run the follow-up PowerShell script.

"DarkGate C2 traf…

2 days, 5 hours ago @ thehackernews.com
Australian Defence Force Private and Husband Charged with Espionage for Russia

Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA.

This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer.

They have been charged with one count each of preparing for an espionage offense, which carries a maximum penalty of 15 years' imprisonment.

Although the exact documents that were accessed were not disclosed, the AFP said they related to Australian national security interests.

Mike Burgess, Director-General of Security in charge of the Australian Security Intelligence Organiz…

2 days, 7 hours ago @ thehackernews.com
Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes.

Exim is a free, mail transfer agent that's used in hosts that are running Unix or Unix-like operating systems.

Attack surface management firm Censys said 4,830,719 of the 6,540,044 public-facing SMTP mail servers are running Exim.

As of July 12, 2024, 1,563,085 internet-accessible Exim servers are running a potentially vulnerable version (4.97.1 or earlier).

"The vulnerability could allow a remote attacker to bypass filename extension blocking protection measures and deliver executable attachments directly to end-users' mailb…

2 days, 9 hours ago @ thehackernews.com
Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar

Recent data reveals that compromised credentials are the single biggest attack vector in 2024.

That means stolen passwords, not exotic malware or zero-day exploits, are the most common way hackers breach systems and wreak havoc.

To help you navigate this critical issue, we invite you to join our exclusive webinar, "Compromised Credentials in 2024: What to Know About the World's #1 Attack Vector."

What You'll Learn: In this webinar, Tim Chase will delve into the world of compromised credentials, covering: The Anatomy of an Attack: understand how attackers steal and exploit credentials through phishing and brute force.

Don't miss this opportunity to arm yourself with the knowledge and tools ne…

2 days, 9 hours ago @ thehackernews.com
U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation

"The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the United States — which the operators then used to promote messages in support of Russian government objectives," the DoJ said.

The goal of the organization, per the DoJ, was to further Russian interests by spreading disinformation through fictitious online personas representing various nationalities.

The phony social media accounts were registered using private email servers that relied on two domains – mlrtr[.

X has since suspended the bot accounts for violating its terms of service.

While the software package was only identified on X, further analysis…

2 days, 11 hours ago @ thehackernews.com
Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass.

"Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition," the company said in an advisory.

The flaw impacts all versions of Expedition prior to version 1.2.92, which remediates the problem.

As workarounds, Palo Alto Networks is recommending that network access to Expedition is restricted to authorized users, hosts, or networks.

However, it's worth noting that PAN-OS firewalls configured to use EAP-TT…

3 days, 4 hours ago @ thehackernews.com
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection.

The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply chain security firm ReversingLabs said.

The end goal of the counterfeit packages, both old and new, is to deliver an off-the-shelf remote access trojan called SeroXen RAT.

The latest collection of packages is characterized by the use of a novel technique called IL weaving that makes it possible to inje…

3 days, 4 hours ago @ thehackernews.com
Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk

"DodgeBox is a loader that proceeds to load a new backdoor named MoonWalk," security researchers Yin Hong Chang and Sudeep Singh said.

"MoonWalk shares many evasion techniques implemented in DodgeBox and utilizes Google Drive for command-and-control (C2) communication."

"APT41 employs DLL side-loading as a means of executing DodgeBox," the researchers said.

The rogue DLL (i.e., DodgeBox) is a DLL loader written in C that acts as a conduit to decrypt and launch a second-stage payload, the MoonWalk backdoor.

"DodgeBox is a newly identified malware loader that employs multiple techniques to evade both static and behavioral detection," the researchers said.

3 days, 7 hours ago @ thehackernews.com
Streamlined Security Solutions: PAM for Small to Medium-sized Businesses

Small to medium-sized organizations often lack the resources and expertise for robust privileged identity management.

What does a PAM solution offer small to medium-sized organizations?

How can small to medium-sized organizations simplify the implementation and management of a PAM solution?

Small to medium-sized organizations do not need all the complex and convoluted setup required for a traditional PAM solution.

Conclusion: Deploying a PAM solution for small to medium-sized enterprises is now straightforward.

3 days, 8 hours ago @ thehackernews.com
New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign

Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT since at least February 2024.

Infection chains begin with phishing messages bearing finance-themed lures that trick recipients into clicking on an embedded URL pointing to a 7-Zip archive file hosted on Google Drive.

The HTML files propagating Poco RAT, in turn, contain a link that, upon clicking, leads to the download of the archive containing the malware executable.

The PDF files are no different in that they also contain a Google Drive link that harbors Poco RAT.

"The goal of this campaign is to steal massive amounts of personal identifiable information (PI…

3 days, 9 hours ago @ thehackernews.com
PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

"This is especially true for this PHP vulnerability because of its high exploitability and quick adoption by threat actors."

The disclosure comes as Cloudflare said it recorded a 20% year-over-year increase in DDoS attacks in the second quarter of 2024, and that it mitigated 8.5 million DDoS attacks during the first six months.

In comparison, the company blocked 14 million DDoS attacks for the entirety of 2023.

Information technology and services, telecom, consumer goods, education, construction, and food emerged as the top sectors targeted by DDoS attacks.

"Argentina was ranked as the largest source of DDoS attacks in the second quarter of 2024," the researchers said.

3 days, 14 hours ago @ thehackernews.com
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs

Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0.

It's worth noting that the company patched a similar bug late last month (CVE-2024-5655, CVSS score: 9.6) that could also be weaponized to run pipelines as other users.

The disclosure comes as Citrix released updates for a critical, improper authentication flaw impacting NetScaler Console (formerly NetScaler ADM), NetScaler SDX, and NetScaler Agent (CVE-2024-6235, CVSS score: 9.4) that could result in information disclosure.

"OS command injection vulnerabilities have long been preventable by clearly separating user input from the contents of a command," the agencies said.

"Despite this finding,…

3 days, 16 hours ago @ thehackernews.com
New Ransomware Group Exploiting Veeam Backup Software Vulnerability

A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware.

"Before the ransomware attack, there were VPN brute-force attempts noted in April 2024 using a dormant account identified as 'Acc1.'

Several days later, a successful VPN login using 'Acc1' was traced back to the remote IP address 149.28.106[.]252."

"This exploitation potentially involved an attack originating from the VeeamHax folder on the file server against the vulnerable version of Veeam Backup & Replication software installed on the backup server," Zi Wei hypothesized.

"Windows Defender was permanently disabled using DC.exe [Defender Control…

4 days, 6 hours ago @ thehackernews.com
Smash-and-Grab Extortion

Now, according to the authors, IoT firmware is assembled from mostly open source components that are riddled with vulnerabilities.

According to other reports, the number of vulnerabilities and the complexity of IoT firmware are growing rapidly year by year.

As shown in the figure, umode firmware is divided into isolated partitions.

If a hacker penetrates one umode partition, he cannot access data or code in other partitions.

As a consequence, a hacker may disable the functionality of one umode partition, but not of the others.

4 days, 8 hours ago @ thehackernews.com
threatpost
last post: none
DarkReading
last post 7 months, 2 weeks ago
Cyber Threats to Watch Out for in 2024

7 months, 2 weeks ago @ darkreading.com
CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines

7 months, 2 weeks ago @ darkreading.com
Ardent Health Hospitals Disrupted After Ransomware Attack

7 months, 2 weeks ago @ darkreading.com
General Electric, DARPA Hack Claims Raise National Security Concerns

7 months, 2 weeks ago @ darkreading.com
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

7 months, 2 weeks ago @ darkreading.com
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity

7 months, 2 weeks ago @ darkreading.com
Balancing Simplicity and Security in the Digital Experience
7 months, 2 weeks ago @ darkreading.com
Hack The Box Launches 5th Annual University CTF Competition
7 months, 3 weeks ago @ darkreading.com
Fake Browser Updates Targeting Mac Systems With Infostealer
7 months, 3 weeks ago @ darkreading.com
Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market
7 months, 3 weeks ago @ darkreading.com
Generative AI Takes on SIEM
7 months, 3 weeks ago @ darkreading.com
Web Shells Gain Sophistication for Stealth, Persistence
7 months, 3 weeks ago @ darkreading.com
Qatar Cyber Agency Runs National Cyber Drills
7 months, 3 weeks ago @ darkreading.com
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs
7 months, 3 weeks ago @ darkreading.com
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions
7 months, 3 weeks ago @ darkreading.com
WeLiveSecurity
last post 2 days, 7 hours ago
Should ransomware payments be banned? – Week in security with Tony Anscombe

The issue of whether to ban ransomware payments is a hotly debated topic in cybersecurity and policy circles.

What are the implications of outlawing these payments, and would the ban be effective?

Back in May, we weighed in on the UK's apparent plan to make it illegal for critical infrastructure entities to pay ransomware attackers.

As Security Intelligence now reports, Jen Easterly, Director of the United States' Cybersecurity and Infrastructure Security Agency (CISA), has this to say about the subject: "I think within our system in the U.S. — just from a practical perspective — I don’t see it happening."

Now, as opinions seem to vary, what are the wider implications of an apparent lack of…

2 days, 7 hours ago @ welivesecurity.com
Understanding IoT security risks and how to mitigate them | Cybersecurity podcast

As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds?

Imagine all traffic lights in a city turning green simultaneously, much like in Die Hard 4.

While the Internet of Things (IoT) and its integration into critical infrastructure allow for improved efficiency and remote management, they also introduce new cybersecurity risks.

This might ultimately lead to scenarios that wouldn’t be too dissimilar from the traffic light scene in the movie.

Join the host of the Unlocked 403 cybersecurity podcast Alžbeta Kovaľová as she talks with ESET Senior Research Fellow Righard Zwienenberg about the complexities of …

4 days, 10 hours ago @ welivesecurity.com
5 common Ticketmaster scams: How fraudsters steal the show

Take some time to familiarize yourself with the following top five Ticketmaster scams and how to shake scammers off when hunting for tickets.

Top 5 Ticketmaster scams to look out for
You might encounter variations on any of the below.

Lookalike websites
These are spoofed to appear as if they were the legitimate Ticketmaster site or an official partner/trusted seller, complete with the official logo and branding.

Bogus tickets
What happens when the show you desperately want to see has sold out on the official Ticketmaster site?

Once they gain access to your Ticketmaster account, scammers could buy tickets in your name and/or send purchased tickets to themselves.

5 days, 10 hours ago @ welivesecurity.com
Social media and teen mental health – Week in security with Tony Anscombe

Social media sites are designed to make their users come back for more.

Do laws restricting children's exposure to addictive social media feeds have teeth or are they a political gimmick?

Social media platforms have become a near-constant presence in our daily lives.

However, the rise of social media has also raised concerns about its impact on mental health, particularly among the young.

New York State, for example, has just passed laws designed to protect children and teens from the dangers of the online world, including a law on "addictive" social media feeds, the BBC reports.

1 week, 3 days ago @ welivesecurity.com
No room for error: Don’t get stung by these common Booking.com scams

With vacation season in full swing, let’s review some of the most common scams exploiting Booking.com and what to look out for when using this platform.

12 tips for avoiding Booking.com and other travel scams
These tips will go a long way towards helping you stay safe while using Booking.com.

Booking.com never asks for information like your full credit card details, social security number, or passwords via email or chat.

Make payments through the official Booking.com platform.

Check reviews and ratings of the accommodation on Booking.com and look for reviews that are authentic and detailed.

1 week, 4 days ago @ welivesecurity.com
AI in the workplace: The good, the bad, and the algorithmic

While AI systems can minimize errors associated with fatigue and distraction, they are not infallible.

In other words, AI systems are only as good as the data they are trained on (which requires human expertise and oversight).

So while AI may lack context and understanding of its input data, humans lack an understanding of how their AI systems work.

For example, AI tools used in hiring processes may not consider the broader implications of rejecting candidates based on algorithmic biases, and the further consequences this could have on workplace diversity and inclusion.

Consider generative AI used to write blogs, emails, and social media captions: repetitive sentence structures can make cop…

1 week, 5 days ago @ welivesecurity.com
Hijacked: How hacked YouTube channels spread scams and malware

Cybercriminals have long been known to repurpose these channels to spread crypto and other scams and a variety of info-stealing malware, often through links to pirated and malware-laden software, movies and game cheats.

How can cybercriminals take over YouTube channels?

(Since late 2021, content creators need to use 2FA on the Google account associated with their YouTube channel).

Educate yourself
Stay informed about the latest cyberthreats and scams targeting you online, including on YouTube.

Secure your devices
Use multi-layered security software across your devices to protect against a variety of threats.

1 week, 6 days ago @ welivesecurity.com
Key trends shaping the threat landscape in H1 2024 – Week in security with Tony Anscombe

Learn about the categories of threats that 'topped the charts' and the kinds of techniques that bad actors leveraged most commonly in the first half of this year.

This week, the ESET research team released the H1 2024 issue of ESET Threat Report that examines the key trends and developments that defined the cybersecurity landscape from December 2023 to May 2024.

What categories of threats topped the charts and which trended down?

What kinds of techniques did bad actors use most commonly and what are the possible implications for your organization?

Watch the video to learn more about the potential legal and financial repercussions facing companies that fail to accurately report security inci…

2 weeks, 2 days ago @ welivesecurity.com
ESET Threat Report H1 2024

A view of the H1 2024 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
These past six months painted a dynamic landscape of Android financial threats – malware going after victims’ mobile banking funds – be it in the form of “traditional” banking malware or, more recently, cryptostealers.

Armed with both Android and iOS versions, this threat has been targeting victims in Southeast Asia through localized malicious apps.

In H1 2024, Rilide Stealer was spotted misusing the names of generative AI assistants, such as OpenAI’s Sora and Google’s Gemini, to entice potential victims.

RedLine Stealer saw several detection spikes in H1 20…

2 weeks, 3 days ago @ welivesecurity.com
Cyber insurance as part of the cyber threat mitigation strategy

Why organizations of every size and industry should explore their cyber insurance options as a crucial component of their risk mitigation strategies
Offsetting business risk with insurance is not new.

Mitigating today’s cyber risks requires significant investment in technology and resources, and one element is typically a cyber risk insurance policy.

Cyber insurance and ransomware
The number of cyberattacks is increasing, despite heightened law enforcement activity and legislation.

The UK government has attempted to make cyber insurance available to even the smallest of businesses through its Cyber Essentials scheme, where a company can adopt a minimum cyber security posture and receive certi…

2 weeks, 4 days ago @ welivesecurity.com
Buying a VPN? Here’s what to know and look for

This slowdown can vary depending on the VPN's server load, distance from the server, and the quality of the VPN service.

What to look for in a VPN
It’s important to choose a VPN service that suits your requirements.

And it goes without saying that you also want a VPN service that is intuitive and easy to use.

2 weeks, 5 days ago @ welivesecurity.com
The long-tail costs of a data breach – Week in security with Tony Anscombe

Understanding and preparing for the potential long-tail costs of data breaches is crucial for businesses that aim to mitigate the impact of security incidents
A successful cyberattack can affect an organization in many ways, but the way the organization handles the incident extends far beyond the immediate aftermath.

Indeed, the long-term impact can significantly add to the financial burden and may involve regulatory fines years after the breach occurred.

This has been the case with Blackbaud, a data management company that has just been slapped with a fine of $6.75 million by US authorities, including for allegedly failing to "provide timely and accurate information to those impacted by the…

3 weeks, 2 days ago @ welivesecurity.com
My health information has been stolen. Now what?

Mental health startup Cerebral accidentally leaked highly sensitive medical information on 3.1 million people online.

Tell-tale signs include spelling and grammatical mistakes and urgent requests for your personal information, perhaps by asking you to ‘confirm’ your details.

Monitor your accounts
If malicious actors have accessed your PII and medical information, they may sell it to fraudsters or try to use it themselves.

Freeze your credit and cards
Depending on what personal information has been stolen, you might want to activate a credit freeze.

The aim is to use the stolen info to add legitimacy to requests for more personal information like financial details.

3 weeks, 3 days ago @ welivesecurity.com
Hacktivism is evolving – and that could be bad news for organizations everywhere

At its most basic, hacktivism is the act of launching cyberattacks for political or social reasons.

Indeed, with attribution still difficult online, the pros of engaging in hacktivist activity still largely outweigh the cons – especially if attacks are secretly backed by nation states.

While these attacks are notably high profile, there are hints of more insidious state-backed efforts masquerading as hacktivism.

One study claimed at least 30 hacktivist groups immediately pivoted activity to the conflict within 48 hours.

Such groups are increasingly targeting private sector organizations that have the audacity to speak out on politically sensitive issues.

3 weeks, 4 days ago @ welivesecurity.com
Preventative defense tactics in the real world

It’s a defense akin to investing in good demolition equipment in case your house catches fire so you can clear debris quickly and rebuild.

Remote Desktop Protocol (RDP) defense
RDP attacks, if successful, allow attackers to gain administrator privileges and shut off your cyber-defenses.

Adding defensive layers like multi-factor authentication (MFA) can help thwart RDP attacks like brute force and Remote Code Exploits (RCE).

Security companies, including ESET, often release YARA rules and various free tools to help defend against network-based attacks, whether originating from inside or outside the organization.

MFA can stop, or at least blunt, brute force attacks, especially Business Email C…

3 weeks, 6 days ago @ welivesecurity.com
Help Net Security
last post 11 hours ago
Week in review: RADIUS protocol critical vuln, Microsoft 0-day exploited for a year, AT&T breach

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack
A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS (CVE-2024-3596), leaves most networking equipment open to Man-in-the-Middle (MitM) attacks.

Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella
Microsoft is suffering cybersecurity failures due to systemic problems with strategic leadership.

Managing cyberattack fallout: Financial and operational damage
In this Help Net Security interview, Ashley Harrington, Director of Cybersecurity at Aspida, discusses the impact of cyberattacks on business operations and financial health.

Travel scams exposed: How to recognize and avoid…

11 hours ago @ helpnetsecurity.com
Hackers stole call, text records of “nearly all” of AT&T’s cellular customers

Hackers leveraging stolen Snowflake account credentials have stolen records of calls and texts made by “nearly all” of AT&T’s cellular customers from May to October 2022, the company has confirmed.

It also does not include some typical information you see in your usage details, such as the time stamp of calls or texts,” AT&T said.

AT&T: Stolen data isn’t publicly available
“Based on our investigation, the compromised data includes files containing AT&T records of calls and texts of nearly all of AT&T’s cellular customers, customers of mobile virtual network operators (MVNOs) using AT&T’s wireless network, as well as AT&T’s landline customers who interacted with those cellular numbers between…

2 days, 7 hours ago @ helpnetsecurity.com
Info of 2,3+ million individuals stolen in Advance Auto Parts data breach

Personal information of over 2,3 million individuals has been stolen by attackers as part of the massive data grab via compromised Snowflake accounts without MFA protection, Advance Auto Parts has confirmed by filing notices with the attorney general offices in several US states.

The data breach notices sent out to affected Advance Auto Parts customers say that the threat actor exfiltrated their personal information: name, Social Security number, driver’s license or other government-issued identification number, and date of birth.

160+ organizations breached via Snowflake accounts without MFA protection
From the very beginning, Snowflake had maintained that customers’ accounts were compromised a…

2 days, 8 hours ago @ helpnetsecurity.com
Gathid identity governance platform enhancements help identify access changes

By constructing a virtual replica of an organization’s identity landscape, the Gathid Identity Graph creates a 360° snapshot of all identities and their access privileges—providing an outstanding base for an enterprise to curate expected access for business roles.

The result is a transformative identity and access governance solution that harnesses powerful digital twin and knowledge graph technology to revolutionize enterprise role-based access control.

Combining the most advanced knowledge graph and digital twin technologies, the Gathid Identity Graph automates and streamlines the complexity of role mining.

“The Gathid Identity Graph enables organizations to see their identities like neve…

2 days, 11 hours ago @ helpnetsecurity.com
Forcepoint promotes Ryan Windham to CEO

Forcepoint announced the promotion of Ryan Windham, Chief Customer and Strategy Officer, to Chief Executive Officer (CEO), succeeding Manny Rivelo, who is retiring from his position as CEO of the company.

Windham brings 25 years of innovation and customer-first leadership experience in cybersecurity, automation and AI/ML to his role as CEO.

Prior to joining Forcepoint in 2023, Windham was CEO at AppViewX, a leader in low-code/no-code automation, helping to drive a 95 percent customer retention rate and 80 percent subscription revenue growth year-over-year.

“Forcepoint is well positioned for the future as a leader in uniquely prioritizing data security across all possible touchpoints and dev…

2 days, 11 hours ago @ helpnetsecurity.com
How to design a third-party risk management framework

An effective third-party risk management framework ensures that an organization is not derailed by vendor risks and vulnerabilities.

Make sure that representatives from each department – operations, risk management, IT, procurement, legal, cybersecurity, compliance, etc.

Establish a process for third-party risk management
Organizations with central third-party risk management in place report better risk understanding and faster actions.

Continuous monitoring and improvement
For maximum efficiency, you need continuous monitoring and evaluation of your third-party risk management services.

To uphold your industry’s competitiveness and resilience, develop a third-party risk management framework …

2 days, 15 hours ago @ helpnetsecurity.com
Managing cyberattack fallout: Financial and operational damage

In this Help Net Security interview, Ashley Harrington, Director of Cybersecurity at Aspida, discusses the impact of cyberattacks on business operations and financial health.

Beyond immediate disruptions and financial burdens, a cyber incident can severely damage a company’s reputation among customers and partners.

Beyond these immediate expenses, long-term financial concerns may arise from regulatory and legal penalties, lost business, and challenges in acquiring new business.

Depending on the impact, some business operations may be down for weeks or months which can lead to further concerns for a company.

Risk assessments, business impact analysis (BIA), gap analysis, and penetration testing can help …

2 days, 15 hours ago @ helpnetsecurity.com
Top priorities for compliance leaders this year

Legal, compliance and privacy leaders list strengthening their personal impact on company strategy as their top priority for 2024, according to Gartner.

Legal and compliance leaders are expected to function as lawyers, risk managers, strategists, diplomats, process builders and the corporate conscience.

These increased expectations place greater pressure on leaders’ limited time and incentivize them to influence other C-suite leaders to ensure legal and compliance goals are met.

“Legal and compliance leaders know they must improve existing TPRM programs or develop a TPRM program to manage the new associated risks.”
Ensuring compliance strategy aligns with regulations
Legal and compliance lead…

2 days, 16 hours ago @ helpnetsecurity.com
New infosec products of the week: July 12, 2024

Here’s a look at the most interesting products from the past week, featuring releases from AttackIQ, IT-Harvest, Pentera, Prompt Security, and Quantum Xchange.

AttackIQ Mission Control simplifies security testing for distributed teams
AttackIQ Mission Control enhances AttackIQ Enterprise BAS deployments within large organizations, streamlining security testing for distributed teams.

Pentera updates RansomwareReady to secure Linux environments
Pentera announced a major update to its RansomwareReady product, enabling customers to proactively test the security of their Linux environments.

With this addition, Pentera empowers organizations to adopt proactive measures against the world’s most perv…

2 days, 16 hours ago @ helpnetsecurity.com
Kanguru’s hardware-based internal SEDs secure data on laptops, tablets, and computers

Kanguru has unveiled its latest security product line aimed at helping organizations safeguard sensitive data on laptops, tablets, and computers.

The new hardware-based internal Self-Encrypting Drives (SEDs) are high-performance solid state drives designed to provide optimal security.

Kanguru Defender SEDs employ full military-grade AES 256-bit hardware encryption and offer FIPS 140-2 certification on select models.

High-capacity data storage
The Kanguru Defender SEDs offer substantial data storage options with high capacities.

The Defender SED300 NVMe, SATA, and CIGENT bundled models consist of capacities from 500GB to 2TB.

3 days, 6 hours ago @ helpnetsecurity.com
Using Authy? Beware of impending phishing attempts

If you do, you should keep an eye out for phishing attempts, as well as implement defenses against SIM swapping attacks.

The group suggests cross-referencing the Authy list with customer databases stolen from cryptocurrency exchanges Gemini and Nexo, so that the buyers can engage in extremely targeted phishing or SIM swapping to get their hands on users’ cryptocurrency stash.

But time and time again, unsecured, publicly exposed APIs are abused to collect all sorts of user data, including data that can be used to hijack accounts.

But, as the researchers noted, “1-click login” links were also included in the data, allowing potential attackers to bypass the password requirement.

This is evident f…

3 days, 7 hours ago @ helpnetsecurity.com
ScienceLogic enhances AIOps platform to improve security and third-party industry interoperability

ScienceLogic announced a series of key updates to its AIOps platform to deliver enhanced reliability and security, enterprise enablement, third-party integration, improved user experience, and greater support for data center needs.

“The latest updates to the ScienceLogic platform demonstrate our commitment to providing our customers with exceptional user experiences by continually enhancing the utility, reliability, and security of the platform,” said Michael Nappi, CPO at ScienceLogic.

Elevated security and system performance with ServiceNow Syncpacks support
The updates to the ScienceLogic platform include upleveled security enhancements designed to protect users’ data and strengthen integ…

3 days, 7 hours ago @ helpnetsecurity.com
Prompt Security introduces GenAI security solution for MSSPs

Prompt Security announced its product and go-to-market support for Managed Security Service Providers (MSSPs).

Prompt Security enables enterprises to adopt GenAI while protecting against a full range of risks to their applications, employees, and customers.

At every touchpoint of GenAI in an organization — from GenAI tools and assistants used by employees and developers to GenAI integrations in homegrown applications — Prompt Security inspects each prompt and model response to prevent the exposure of sensitive data, block harmful content, and secure against GenAI-specific attacks.

Additionally, these innovative capabilities give MSSPs a competitive edge by offering a complete GenAI Security…

3 days, 11 hours ago @ helpnetsecurity.com
How AI helps decode cybercriminal strategies

The dark web is a hugely complex landscape, well-known for the promise of anonymity, and a domain where cybercriminals organize and plan their attacks against organizations.

The dark web is a perfect use case for AI

The dark web represents a classic case of unstructured, disparate, and difficult-to-analyze data.

The dark web is a global space with cybercriminals operating in various languages and using complex and dark-web-specific slang.

As technological advancements continue, the integration of AI in threat intelligence will become standard.

Looking beyond the hype, AI could prove to be a major catalyst in bringing proactive dark web monitoring into the mainstream.

3 days, 15 hours ago @ helpnetsecurity.com
Strengthening cybersecurity preparedness with defense in depth

In this Help Net Security interview, Chaim Mazal, Chief Security Officer at Gigamon, discusses cybersecurity preparedness measures for businesses, the impact of international inconsistencies on global operations, and the board’s role in cybersecurity.

How do international inconsistencies in cybersecurity preparedness affect global business operations, and what can be done to mitigate these issues?

What should be the key components of a crisis management and communication strategy in the event of a major cybersecurity incident?

Loss of shareholder confidence is a very real consequence of a security incident.

Combining this with continuous threat monitoring allows security leaders to detect a…

3 days, 15 hours ago @ helpnetsecurity.com
IT Security Guru
last post 3 days, 6 hours ago
Authy breach exposes data of millions – what to look out for if you use it

The exposure of millions of users’ phone numbers in the recent breach of Twilio’s 2FA app, Authy, has serious implications for users, who are now at a significantly heightened risk of phishing attacks and SIM swapping, endangering their privacy and security. It’s important for users to be vigilant and learn the signs of phishing attacks […]

The post Authy breach exposes data of millions – what to look out for if you use it first appeared on IT Security Guru.

3 days, 6 hours ago @ itsecurityguru.org
Report reveals that three quarters of UK businesses have been impacted by AI-powered cyber threats

Darktrace, a global leader in cybersecurity AI, has today released its UK State of AI Cybersecurity Report, which surveyed over 200 security leaders and practitioners across a broad array of industries. The research asked security leaders their thoughts on the threats facing their businesses following the widespread adoption of AI, which has increased the speed, […]

The post Report reveals that three quarters of UK businesses have been impacted by AI-powered cyber threats first appeared on IT Security Guru.

3 days, 7 hours ago @ itsecurityguru.org
Cyber Confidence at MSPs high, despite falling victim to data breaches

New research conducted by CyberSmart, a leading provider of SME security solutions, indicates that nearly all MSPs report high rates of cyber confidence across their organisations, despite the vast majority having experienced at least one data breach in the past 12 months. The research, conducted by OnePoll in Spring 2024, polled 250 senior leaders […]

The post Cyber Confidence at MSPs high, despite falling victim to data breaches first appeared on IT Security Guru.

4 days, 8 hours ago @ itsecurityguru.org
RockYou2024: 10 BILLION unique passwords exposed – what now?

The “RockYou2024” data leak has exposed nearly 10 billion unique plaintext passwords. This breach, discovered by researchers and shared on a popular hacking forum, represents a dramatic increase in the threat of credential-stuffing attacks. The dataset, posted by a user known as “ObamaCare,” combines data from various breaches over the past two decades, with the […]

The post RockYou2024: 10 BILLION unique passwords exposed – what now? first appeared on IT Security Guru.

5 days, 8 hours ago @ itsecurityguru.org
Cato Networks Named a Leader in the 2024 Gartner Magic Quadrant for Single-Vendor SASE

Cato Networks, the SASE leader, today announced that Gartner, Inc. has recognised the company as a Leader in the 2024 Gartner® Magic Quadrant™ for Single-Vendor SASE. “Cato’s true SASE platform is the antidote to IT complexity that persists in the face of ongoing so-called ‘platformization’ efforts,” said Shlomo Kramer, co-founder and CEO at Cato Networks. […]

The post Cato Networks Named a Leader in the 2024 Gartner Magic Quadrant for Single-Vendor SASE first appeared on IT Security Guru.

5 days, 9 hours ago @ itsecurityguru.org
SQR Wins Isle of Man Government Contract

SQR, a leading provider of digital identity solutions, has won a major contract with the Isle of Man Government. The fast-growing Isle of Man based firm has been selected in partnership with software development and digital transformation experts, PDMS, to provide an independent digital identity verification solution for the Isle of Man’s Central Registry. This […]

The post SQR Wins Isle of Man Government Contract first appeared on IT Security Guru.

5 days, 10 hours ago @ itsecurityguru.org
Keeper Security Launches Zero-Knowledge Remote Browser Isolation in Keeper Connection Manager

Keeper Security has introduced Remote Browser Isolation, a new component of Keeper Connection Manager. Remote Browser Isolation provides users with secure access to web-based assets such as internal web applications and cloud applications – using any standard web browser. Remote Browser Isolation is the latest enhancement to KeeperPAM. Keeper Connection Manager offers teams instant access […]

The post Keeper Security Launches Zero-Knowledge Remote Browser Isolation in Keeper Connection Manager first appeared on IT Security Guru.

1 week, 3 days ago @ itsecurityguru.org
IT Security Responsibilities for Online Start-Ups

In this digital world we live in, online start-ups are emerging rapidly, harnessing the power of the internet to reach global audiences and deliver innovative solutions. However, with the increased digital presence comes an elevated risk of cyber threats. For new online businesses, implementing robust cybersecurity strategies is not just an option, but a necessity. […]

The post IT Security Responsibilities for Online Start-Ups first appeared on IT Security Guru.

1 week, 3 days ago @ itsecurityguru.org
UK law firms feeling pressure to prioritise business continuity over cybersecurity

The never-ending fragmentation of IT, driven by the rapid and constant evolution of Legal Tech, is causing huge cyber defence issues for UK legal firms, according to a new report from Managed Threat Detection & Response Provider, e2e-assure. The complexity in defence is exacerbated by the rise of the “citizen developer” in the legal sector, […]

The post UK law firms feeling pressure to prioritise business continuity over cybersecurity first appeared on IT Security Guru.

1 week, 4 days ago @ itsecurityguru.org
Blurred lines: Securing the physical and digital sides of business

Understanding cybersecurity can be challenging. Although cyber threats such as data theft and financial fraud represent serious business concerns, physical threats often evoke more fear due to their tangible nature. With the boundaries between physical and digital security becoming increasingly blurred, innovative criminals are adopting methods to attack businesses on all fronts. A strategy that […]

The post Blurred lines: Securing the physical and digital sides of business first appeared on IT Security Guru.

1 week, 4 days ago @ itsecurityguru.org
Protecting our data in a world of rising cyber attacks

In today’s volatile digital climate, the security of workers’ and customers’ data and information, as well as the finances and intellectual property of organizations themselves, continues to be questioned. Data sits at the very heart of the world’s largest companies, and despite a heightened awareness of cyber-security best practices, attacks are on the rise. According […]

The post Protecting our data in a world of rising cyber attacks first appeared on IT Security Guru.

1 week, 4 days ago @ itsecurityguru.org
Fear and Silence: 50% of Employees Hesitant to Report Security Errors

Despite the growing implementation of security awareness training, recent research indicates that over half of cybersecurity professionals are concerned about security behaviours within their organisations.

Key Findings from the Survey

A survey conducted by ThinkCyber has revealed significant insights into attitudes towards security awareness training. Participants were asked to identify the security behaviours that posed […]

The post Fear and Silence: 50% of Employees Hesitant to Report Security Errors first appeared on IT Security Guru.

1 week, 4 days ago @ itsecurityguru.org
One in ten Brits targeted by scammers this summer

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released findings on the increased rate of scams targeting people this summer in the UK. It warns people looking to travel abroad or attend music festivals, The Euros, Wimbledon, Taylor Swift’s Eras Tour or the Olympics to be vigilant against […]

The post One in ten Brits targeted by scammers this summer first appeared on IT Security Guru.

1 week, 4 days ago @ itsecurityguru.org
SandboxAQ Joins the FIDO Alliance to Further Drive the Use of Secure Protocols instead of Passwords

SandboxAQ has announced its membership in the FIDO Alliance, an open industry consortium focused on minimizing the world’s dependence on passwords—a prevalent source of security and usability problems. By joining forces with prominent FIDO Alliance members such as Amazon, Apple, Google, Intel, Microsoft, RSA, VISA, Yubico, and others, SandboxAQ aims to enhance and advance the […]

The post SandboxAQ Joins the FIDO Alliance to Further Drive the Use of Secure Protocols instead of Passwords first appeared on IT Security Guru.

2 weeks, 2 days ago @ itsecurityguru.org
Review: Top 5 For Outsourced Customer Service Solutions UK and Abroad

For companies that have too many phone calls and emails to keep up, it is very common to outsource your customer services, either domestically in the UK or abroad to the likes of India or The Philippines. There are certainly cost benefits, with call centres often significantly cheaper than hiring a team in-house and you […]

The post Review: Top 5 For Outsourced Customer Service Solutions UK and Abroad first appeared on IT Security Guru.

2 weeks, 2 days ago @ itsecurityguru.org
SecurityTrails
last post: None
Blogs 👨‍💻
Бизнес без опасности
last post: None
Жизнь 80 на 20
last post: None
ZLONOV
last post: None
Блог Артема Агеева
last post: None
Киберпиздец
last post: None
Schneier on Security
last post 3 hours ago
Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024.

The event will also be available via Zoom.

I’m speaking at the TEDxBillings Democracy Event in Billings, Montana, USA, on July 19, 2024.

The list is maintained on this page.

Posted on July 14, 2024 at 12:05 PM

3 hours ago @ schneier.com
Friday Squid Blogging: 1994 Lair of Squid Game

I didn’t know: In 1994, Hewlett-Packard released a miracle machine: the HP 200LX pocket-size PC.

In the depths of the device, among the MS-DOS productivity apps built into its fixed memory, there lurked a first-person maze game called Lair of Squid.

[…] In Lair of Squid, you’re trapped in an underwater labyrinth, seeking a way out while avoiding squid roaming the corridors.

To progress through each stage and ascend to the surface, you locate the exit and provide a hidden, scrambled code word.

The password is initially displayed as asterisks, with letters revealed as you encounter them within the maze.

1 day, 22 hours ago @ schneier.com
The NSA Has a Long-Lost Lecture by Adm. Grace Hopper

Basically, the recording is in an obscure video format.

People at the NSA can’t easily watch it, so they can’t redact it.

With digital obsolescence threatening many early technological formats, the dilemma surrounding Admiral Hopper’s lecture underscores the critical need for and challenge of digital preservation.

It is our shared obligation to safeguard such pivotal elements of our nation’s history, ensuring they remain within reach of future generations.

While the stewardship of these recordings may extend beyond the NSA’s typical purview, they are undeniably a part of America’s national heritage.

2 days, 8 hours ago @ schneier.com
Apple Is Alerting iPhone Users of Spyware Attacks

About Bruce Schneier

I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

3 days, 4 hours ago @ schneier.com
RADIUS Vulnerability

4 days, 5 hours ago @ schneier.com
Reverse-Engineering Ticketmaster’s Barcode System

5 days, 3 hours ago @ schneier.com
On the CSRB’s Non-Investigation of the SolarWinds Attack

6 days, 1 hour ago @ schneier.com
Friday Squid Blogging: Newly Discovered Vampire Squid

1 week, 1 day ago @ schneier.com
New Open SSH Vulnerability

It’s a serious one: The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk.

This race condition affects sshd in its default configuration.

Moreover, gaining root access would enable attackers to bypass critical security mechanisms such as firewalls, intrusion detection systems, and logging mechanisms, further obscuring their activities.

This vulnerability is challenging to exploit due to its remote race condition nature, requiring multiple attempts for a successful attack.

Advancements in deep learning may significantly increase t…

1 week, 4 days ago @ schneier.com
Public Surveillance of Bars

1 week, 5 days ago @ schneier.com
Upcoming Book on AI and Democracy

If you’ve been reading my blog, you’ve noticed that I have written a lot about AI and democracy, mostly with my co-author Nathan Sanders.

I am pleased to announce that we’re writing a book on the topic.

This isn’t a book about deep fakes, or misinformation.

This is what I talked about in my RSA Conference speech last month, which you can both watch and read.

The book will be published by MIT Press sometime in fall 2025, with an open-access digital version available a year after that.

1 week, 6 days ago @ schneier.com
Model Extraction from Neural Networks

A new paper, “Polynomial Time Cryptanalytic Extraction of Neural Network Models,” by Adi Shamir and others, uses ideas from differential cryptanalysis to extract the weights inside a neural network using specific queries and their results.

Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks.

Thus, it is essential to determine the difficulty of extracting all the parameters of such neural networks when given access to their black-box implementations.

Many versions of this problem have been studied over the last 30 years, and the best current attack on ReLU-based deep neural networks was presented at Crypto’20…

1 week, 6 days ago @ schneier.com
Friday Squid Blogging: New Squid Species

2 weeks, 1 day ago @ schneier.com
James Bamford on Section 702 Extension

2 weeks, 2 days ago @ schneier.com
Security Analysis of the EU’s Digital Wallet

2 weeks, 3 days ago @ schneier.com
Krebs On Security
last post 2 days, 1 hour ago
Hackers Steal Phone, SMS Records for Nearly All AT&T Customers

AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers.

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).

Wired reported last month how the hackers behind the Snowflake data thefts purchased stolen Snowflake credentials from dark web services that sell access to usernames, passwords and authentication tokens that are siphoned by information-stealing malware.

Other companies with millions of customer records stolen from Snowflake servers include Advance Auto Parts, Allstat…

2 days, 1 hour ago @ krebsonsecurity.com
The Stark Truth Behind the Resurgence of Russia’s Fin7

But Edwards said that one site pointed to many other Fin7 properties at Stark Industries Solutions, a large hosting provider that materialized just two weeks before Russia invaded Ukraine.

As KrebsOnSecurity wrote in May, Stark Industries Solutions is being used as a staging ground for wave after wave of cyberattacks against Ukraine that have been tied to Russian military and intelligence agencies.

“FIN7 rents a large amount of dedicated IP on Stark Industries,” Edwards said.

One of the new Fin7 domains identified by Silent Push is cybercloudsec[.

Among the new Fin7 domains Silent Push found are several sites phishing people seeking tickets at the Louvre.

4 days, 3 hours ago @ krebsonsecurity.com
Microsoft Patch Tuesday, July 2024 Edition

Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products.

The first Microsoft zero-day this month is CVE-2024-38080, a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems.

On top of that, more than a quarter of all vulnerabilities Microsoft fixed this month are in SQL server.

It’s a good idea for Windows end-users to stay current with security updates from Microsoft, which can quickly pile up otherwise.

For a more detailed breakdown of the individual flaws addressed by Microsoft today, check out the SANS Internet Storm Center’s list.

5 days ago @ krebsonsecurity.com
The Not-So-Secret Network Access Broker x999xx

In August 2023, x999xx sold access to a company that develops software for the real estate industry.

ALIAS: MAXNM

The oldest account by the name x999xx appeared in 2009 on the Russian language cybercrime forum Verified, under the email address [email protected].

The user x999xx registered on the Russian language cybercrime community Zloy in 2014 using the email address [email protected].

Cyber intelligence company Intel 471 finds the user Maxnm registered on Zloy in 2006 from an Internet address in Chelyabinsk, using the email address [email protected].

x999xx’s lackadaisical approach to personal security mirrors that of Wazawaka, another top Russian access broker who sold access…

1 week, 4 days ago @ krebsonsecurity.com
KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

The story on Radaris noted that the Lubarsky brothers registered most of their businesses using a made-up name — “Gary Norden,” sometimes called Gary Nord or Gary Nard.

“Neither of my clients is a founder of Radaris, and neither of my clients is the CEOs of Radaris,” Gurvits wrote.

THE BIG LUBARSKY

In his most recent demand letter, Mr. Gurvits helpfully included resumes for both of the Lubarsky brothers.

That list, available here, includes virtually every “Gary Norden” domain name mentioned in my original report, plus a few that escaped notice earlier.

Mr. Gurvits’ most-publicized defamation case was a client named Aleksej Gubarev, a Russian technology executive whose name appeared in the St…

3 weeks, 3 days ago @ krebsonsecurity.com
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

“He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote.

The security firm Group-IB dubbed the gang by a different name — 0ktapus, a nod to how the criminal group phished employees for credentials.

The group then pivoted, using their access to Twilio to attack at least 163 of its customers.

Also in August 2022, several employees at email delivery firm Mailchimp provided their remote access credentials to this phishing group.

However, on November 30, 2022 LastPass disclosed a far more serious breach that the company said leveraged data stolen in the August breach.

4 weeks ago @ krebsonsecurity.com
Patch Tuesday, June 2024 “Recall” Edition

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users.

Security experts roundly trashed Recall as a fancy keylogger, noting that it would be a gold mine of information for attackers if the user’s PC was compromised with malware.

Microsoft countered that Recall snapshots never leave the user’s system, and that even if attackers managed to hack a Copilot+ PC they would not be able to exfiltrate on-device Recall data.

And this could speed up that sort of discovery process.” Responding to the withering criticism of Recall, Microsoft said last week that it will no longer be enabl…

1 month ago @ krebsonsecurity.com
‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware.

Operation Endgame targets the cybercrime ecosystem supporting droppers/loaders, slang terms used to describe tiny, custom-made programs designed to surreptitiously install malware onto a target system.

In those cases, the dropper is the hidden component bundled with the legitimate software that quietly loads malware onto the user’s system.

Droppers remain such a critical, human-intensive component of nearly all major cybercrime enterprises that the most popular have turned i…

1 month, 2 weeks ago @ krebsonsecurity.com
Is Your Computer Part of ‘The Largest Botnet Ever?’

On May 24, authorities in Singapore arrested the alleged creator and operator of 911 S5, a 35-year-old Chinese national named YunHe Wang.

911 S5 built its proxy network mainly by offering “free” virtual private networking (VPN) services.

KrebsOnSecurity first identified Mr. Wang as the proprietor of the popular service in a deep dive on 911 S5 published in July 2022.

Ten days later, 911 S5 closed up shop, claiming it had been hacked.

The government says Wang is charged with conspiracy to commit computer fraud, substantive computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering.

1 month, 2 weeks ago @ krebsonsecurity.com
Treasury Sanctions Creators of 911 S5 Proxy Botnet

KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

That story named Yunhe Wang from Beijing as the apparent owner or manager of the 911 S5 proxy service.

In today’s Treasury action, Mr. Wang was named as the primary administrator of the botnet that powered 911 S5.

“Jingping Liu assisted Yunhe Wang by laundering criminally derived proceeds through bank accounts held in her name that were then utilized to purchase luxury real estate properties for Yunhe Wang,” the document continues.

In the months that followed, however, 911 S5 would resurrect itself under a different name: Cloud Router.

1 month, 2 weeks ago @ krebsonsecurity.com
Stark Industries Solutions: An Iron Hammer in the Cloud

But Stark Industries Solutions Ltd was incorporated on February 10, 2022, just two weeks before the Russian invasion of Ukraine.

Spur finds that Stark Industries (AS44477) currently is home to at least 74 VPN services, and 40 different proxy services.

(aka Perfect Quality Hosting), a Moldovan company formed in 2019 that lists the same UK mail drop address as Stark Industries.

But he said Stark Industries Solutions is indeed one of MIRhosting’s colocation customers.

Spur.us likewise finds that virtually all of the Stark address ranges marked “DediPath LLC” are tied to Proxyline.

1 month, 3 weeks ago @ krebsonsecurity.com
Why Your Wi-Fi Router Doubles as an Apple AirTag

At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices.

Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates.

Both record the Media Access Control (MAC) address that a Wi-Fi access point uses, known as a Basic Service Set Identifier or BSSID.

The researchers said that by zeroing in on or “geofencing” other smaller regions indexed by Apple’s location API, they could monitor how Wi-Fi access points moved over time.

But in late March 2024, Apple quietly tweaked its privacy policy, allowing people…

1 month, 3 weeks ago @ krebsonsecurity.com
Patch Tuesday, May 2024 Edition

There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

Five days ago, Google released a security update for Chrome that fixes a zero-day in the popular browser.

Apple has just shipped macOS Sonoma 14.5 update, which includes nearly two dozen security patches.

Finally, Adobe has critical security patches available for a range of products, including Acrobat, Reader, Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate and Adobe Framemaker.

Anyone in charge of maintaining Windows systems in an enterprise environment should keep an eye on askwoody.com, which usually has the scoop on a…

2 months ago @ krebsonsecurity.com
How Did Authorities Identify the Alleged Lockbit Boss?

The Treasury filing says Khoroshev used the emails [email protected], and [email protected].

Cyber intelligence firm Intel 471 finds that [email protected] was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc.

In response to an Exploit member who complained that the security industry was making it harder to profit from ransomware, Putinkrab said that was because so many cybercriminals were relying on crappy ransomware code.

Contact with the owner of the key is lost over time.” Putinkrab said he had every confidence his ransomware code was a game-changer, and a huge money machine.

The Justice Department says the LockBit ransomware affiliate prog…

2 months ago @ krebsonsecurity.com
U.S. Charges Russian Man as Boss of LockBit Ransomware Group

The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit.

The government says LockBit victims included individuals, small businesses, multinational corporations, hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies.

One of the victims LockBitSupp continued extorting was Fulton County, Ga. Eve LockBit’s darknet sites.

KrebsOnSecurity has been in intermittent contact with LockBitSupp for several months over the course of reporting on different LockBit victims.

The government says Russian nation…

2 months, 1 week ago @ krebsonsecurity.com
Graham Cluley
latest post 2 days, 10 hours ago
RansomHub ransomware – what you need to know


2 days, 10 hours ago @ tripwire.com
Exposed! The AI-enhanced social media bot farm that pumped out Kremlin propaganda on Twitter

The FBI has issued a joint cybersecurity advisory with its international partners, detailing the make-up of an AI-enhanced social media bot farm that was used to spread propaganda around the world.

The bot farm, known as "Meliorator," created fake accounts that often purported to be based in the United States.

The FBI says that the Meliorator bot farm project was subsequently integrated into an FSB operation that was approved by the Kremlin to sow discord in the United States.

Examples of pro-Russian messages pushed out by the bot farm on Twitter included posts by a purported US citizen which included a video of President Putin justifying Russia's invasion of Ukraine.

"With these actions, t…

3 days, 5 hours ago @ bitdefender.com
Smashing Security podcast #380: Teachers TikTok targeted, and fraud in the doctors’ waiting room

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

3 days, 6 hours ago @ grahamcluley.com
The AI Fix #6: AI lobotomies, and bots scam scam bots

Graham inflicts his terrible Australian accent on Mark while explaining bot-on-bot crime, and Mark tells Graham how to lobotomise an AI that’s obsessed with bridges.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley – @gcluley; Mark Stockley – @markstockley

Episode links:

Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @TheAIFix, subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

Follow …

5 days, 1 hour ago @ grahamcluley.com
Ransomware attack on blood-testing service puts lives in danger in South Africa

On June 22, the BlackSuit ransomware group hit NHLS, leaving it unable to process millions of blood tests.

As a consequence, the most urgent test results have had to be shared over the telephone rather than electronically.

According to media reports, hundreds of essential operations have been cancelled due to the lack of blood tests.

Police in South Africa and data regulators have been informed about the attack, for which the BlackSuit ransomware gang has taken credit.

Past victims of the BlackSuit ransomware gang include East Central University, CDK Global, schools in the US state of Georgia, and even a zoo.

5 days, 5 hours ago @ bitdefender.com
ChatGPT for Mac app flaw left users’ chat history exposed

Is it only a few weeks since OpenAI announced its new app for macOS computers?

To much fanfare, the makers of ChatGPT revealed a desktop version that allowed Mac users to ask questions directly rather than via the web.

It was storing users' chats with ChatGPT for Mac in plaintext on their computer.

As Pereira Vieito described, OpenAI's app was not sandboxed, and stored all conversations, unencrypted in a folder accessible by any other running processes (including malware) on the computer.

The Verge reports that after it contacted OpenAI about the issue raised by Pereira Vieito, a new version of the ChatGPT macOS app was shipped, properly encrypting conversations.

6 days, 5 hours ago @ bitdefender.com
Volcano Demon ransomware group rings its victims to extort money


1 week, 3 days ago @ tripwire.com
Smashing Security podcast #379: Private nights, evil twins, and crypto home invasions

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of the brand-new “The AI Fix” podcast (co-hosted with Graham!).

Hosts: Graham Cluley – @gcluley; Carole Theriault – @caroletheriault

Guest: Mark Stockley – @markstockley

Episode links:

Sponsored by: 1Password Extended Access Management – Secure every sign-in for every app on every device.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, o…

1 week, 3 days ago @ grahamcluley.com
The AI Fix #5: An angry AI girlfriend, and artificial intelligence is stupid

If you can answer this question, you’re smarter than 99% of AIs: “Alice has 4 brothers, and she also has 1 sister.

How many sisters do Alice’s brothers have?” Find out why AI is stupid, what Toys “R” Us has done that’s even more annoying than putting that “R” in its name, why Graham Cluley has an angry AI girlfriend, and much much more in episode five of “The AI Fix” podcast.

Hosts: Graham Cluley – @gcluley; Mark Stockley – @markstockley

Episode links:

Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @TheAIFix, subscribe for free in your favourite podc…

1 week, 5 days ago @ grahamcluley.com
Russian hackers read the emails you sent us, Microsoft warns more customers

Once the hackers had compromised Microsoft staff accounts, they were able to access communications exchanged between the company and its customers.

Microsoft is now actively notifying affected customers with details of how they can determine which of their emails were accessed.

"This week, we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor," said a Microsoft spokesperson.

The email notification provides affected Microsoft customers with a custom-built portal through which they can review compromised email messages.

The government cited the Midnight Blizzard attack as evidence that …

2 weeks, 2 days ago @ bitdefender.com
Supply-chain ransomware attack cripples thousands of car dealerships

Car dealerships have been brought to a standstill across the United States after a software provider was hit by a ransomware attack.

The attack, believed to be by the BlackSuit ransomware gang, forced CDK Global, makers of a platform widely used by car dealerships to conduct their everyday business, to down its IT systems and data centers.

The impact is considerable, as CDK is believed to have approximately 15,000 car dealerships in its client list.

According to media reports, CDK briefly managed to restore some of its services last week - only to be forced to deactivate them again after a second cyber attack.

The group is strongly linked to the Royal ransomware gang, which evolved from the…

2 weeks, 2 days ago @ exponential-e.com
There's some possibly good news on the ransomware front. Companies are becoming more resilient to attacks, and the ransom payments extorted from businesses by hackers are on a downward trend. Read more in my article on the Tripwire State of Security blog


2 weeks, 2 days ago @ tripwire.com
US charges four FIN9-linked hackers after $71 million cybercrime spree

According to court documents, the indicted individuals accessed employee benefit rewards programs maintained by businesses and re-directed gift cards to accounts under their own control.

Tai, Xuyen, and Truong are said to have sold stolen gift cards on a peer-to-peer cryptocurrency marketplace in an attempt to conceal the origin of the stolen money.

In addition, Tai, Xuyen, and Truong also face money laundering charges with a maximum 20-year sentence.

The focus on gift cards by the alleged hackers draws comparison with another cybercriminal gang, Storm-0539 (also known as Atlas Lion), which has been very active recently.

Last month, the FBI issued a warning to US retailers about how the Sto…

2 weeks, 3 days ago @ bitdefender.com
Smashing Security podcast #378: Julian Assange, inside a DDoS attack, and deepfake traumas

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Eleanor Dallaway.

Smashing Security listeners get 10% off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

2 weeks, 3 days ago @ grahamcluley.com
Introducing… The AI Fix podcast

As luck should have it, “Smashing Security” turned out to be quite a success – with something like 10 million downloads over the years and we just published our 378th episode.

But a lot has changed since we launched “Smashing Security”.

And that’s why this week I’ve launched – with my co-host Mark Stockley – a brand new show called “The AI Fix”.

In our first introductory episode, I attempt to convince Mark that AI doesn’t, in fact, exist.

Follow the show in Apple Podcasts and Spotify, or simply search for “The AI Fix” in your favourite podcast app.

2 weeks, 4 days ago @ grahamcluley.com
Companies 🏢
Kaspersky Blog
latest post 2 days, 3 hours ago
Zero-day vulnerability in the Internet Explorer browser | Kaspersky Blog

Funny as it may sound, one of these zero-days, which had been used for a year and a half to steal passwords, was found in the Internet Explorer browser.

Why Internet Explorer is not nearly as dead as we would all like

Last year I already wrote about what yet another burial of Internet Explorer really meant.

In practice this means that Internet Explorer still remains in the system; users simply cannot launch it as a standalone browser.

Because of the mhtml prefix in the .url file, it will be opened not in the system's default browser but in Internet Explorer.

The problem is that in the corresponding dialog Internet Explorer shows the name of that same .url file, …

2 days, 3 hours ago @ kaspersky.ru
What is Kaspersky Who Calls and what can it do | Kaspersky Blog

What Kaspersky Who Calls can do

Who Calls is a smart caller ID with a huge and constantly updated database of information about phone numbers.

Who Calls will also block calls from hidden numbers and calls from unknown WhatsApp users.

Kaspersky Who Calls for iOS will warn you about spam for free, show the category of an incoming call, and block all incoming voice spam.

In the premium version of the Android app, as on iOS, the database of unwanted numbers is stored on the smartphone.

Premium Who Calls in the Kaspersky Plus and Kaspersky Premium subscriptions

It is worth recalling that the premium version of Kaspersky Who Calls is already included in the Kaspersky Plus and Kaspersky Premium subscriptions of our line of protectiv…

3 days, 8 hours ago @ kaspersky.ru
Targeted malicious mailing for information gathering | Kaspersky Blog

Judging by the number of victims, we are dealing with a targeted attack aimed at gathering confidential information.

In parallel, in hidden mode, it downloads several archives with additional malicious payload and a console utility for working with RAR archives.

The console utility is used to unpack the downloaded archives and to collect the files the attackers are interested in.

In both cases, the collected data is sent to the server hostingforme[.]nl.

Our solutions detect the malicious payload of this attack with the verdict Trojan.Win32.Dedok.art and also detect and block the attack by its behavior with the verdict Trojan.Win32.Generic.

6 days, 3 hours ago @ kaspersky.ru
Pseudo-exploit for CVE-2024-6387 aka regreSSHion | Kaspersky Blog

An archive with malicious code disguised as an exploit for the recently discovered vulnerability CVE-2024-6387 (regreSSHion) is being spread on the social network X (formerly known as Twitter).

We explain what is actually in the archive and how the attackers try to lure researchers into a trap.

The cover story accompanying the archive

Supposedly, there is a certain server that has a working exploit for the CVE-2024-6387 vulnerability in OpenSSH.

Moreover, this server is actively using this exploit to attack a whole list of IP addresses.

In reality, it launches the malicious file named exploit: malware that establishes persistence in the system and downloads a payload from a remote server.

1 week, 2 days ago @ kaspersky.ru
Why the Polyfill.io script should be removed from your site | Kaspersky Blog

We explain in more detail what this service is, why it has become dangerous to use, and what should be done to protect yourself as a result.

Polyfill.io, in turn, is a service that automatically loads the polyfills needed for a site to render correctly in the particular browser in which the user opens it.

Researchers emphasize that this is not the first time the Polyfill.io service has been caught distributing malicious code.

More than 100,000 sites are reported to contain the potentially dangerous script.

The thing is that Google's advertising service has suspended showing ads that lead to sites distributing malicious scripts loaded from several servic…

1 week, 2 days ago @ kaspersky.ru
How the Fraud-as-a-Service offering works | Kaspersky Blog

Today, using the example of a group engaged in scams on classified-ad platforms, we describe the features of turnkey phishing and how to protect yourself from it.

This is the core set of participants found in almost every group.

These people handle the project's advertising campaigns, the moral support of the workers, and their training.

With their help, cybercriminals can create, for example, unique, tailored phishing ads.

And if so, the protection recommendations will be the same as for other types of phishing:

1 week, 4 days ago @ kaspersky.ru
CVE-2024-6387 aka regreSSHion: causes, risks, remediation

Despite this, all administrators of servers running OpenSSH should urgently take care of fixing the vulnerability.

Starting with Windows 10, OpenSSH is also available in Microsoft's OS, although here it is an optional component that is not installed by default.

Ten thousand authentication attempts at the default OpenSSH settings will take 6 to 8 hours, and that is for a single server.

Patient attackers may well conduct reconnaissance and then make attempts at a low rate and from different IPs, and sooner or later succeed.

This method can also be used if updating OpenSSH is impossible on your device.

1 week, 5 days ago @ kaspersky.ru
Telegram fraud using KYC verification | Kaspersky Blog

This time, cybercriminals have come up with a scheme to steal Telegram accounts and crypto wallets using a phishing bot.

As soon as a potential victim is found, the scammers contact them posing as a legitimate buyer or seller, depending on the context.

But there is a catch: the scammers send a link to a fake channel for passing KYC verification and threaten to freeze the crypto assets if the victim ignores the request.

The final step is entering the code to log in to Telegram.

How to keep your Telegram account and crypto wallet safe

We have prepared tips and recommendations that will help you avoid becoming a victim of such fraudulent schemes involving verification in Telegram W…

1 week, 6 days ago @ kaspersky.ru
Meta AI** may use users' personal data to train generative AI | Kaspersky Blog

The company that owns Facebook**, Instagram** and WhatsApp** has informed some of its users that from June 26 their personal data will be used to develop the Meta AI** generative artificial intelligence.

To train its neural networks, Meta* needs data, and user content from the world's largest social networks may soon become a source of knowledge for AI.

How to opt out of handing over your data for training Meta*'s AI?

The mechanism for opting out of data transfer is extremely convoluted: you cannot simply press a button saying "I forbid the use of my data to train Meta AI**".

Meta* noted that it considers its original approach correct from a legal standpoint, and so will surely continue attempts to introduc…

2 weeks, 3 days ago @ kaspersky.ru
Hijacking GitHub accounts via phishing | Kaspersky Blog

It turns out that for several months now developer accounts on GitHub have been attacked in a very similar way, which cannot fail to worry the corporate information security team (especially if developers have administrative access to corporate repositories on GitHub).

The attackers will be quite satisfied with the small share of recipients whose attention is so focused on the salary figure that they will not notice the inconsistencies.

On the site, developers interested in the vacancy are asked to log in to their own GitHub accounts and authorize a new OAuth application.

Besides the GitHub job offer, another variety of the email was spotted, which says that …

2 weeks, 4 days ago @ kaspersky.ru
Why Microsoft's new AI feature is dangerous and how to disable Recall AI search in Windows 11 | Kaspersky Blog

To implement this wonder-search, Microsoft's new service will take screenshots of the entire screen every few seconds and save them in a folder on the computer.

In the initial version of Recall, the screenshots and the database of recognized text were stored in the clear.

Security specialists demonstrated how to bypass the OS restrictions and gain access to the Recall databases and screenshots of any user on the computer.

Microsoft states that the Recall database will store passwords, financial and other sensitive data that is displayed on the screen.

To reduce the severity of the problem, Microsoft promises that to access the Recall application on the local computer the user will need to additionally authenticat…

2 weeks, 5 days ago @ kaspersky.ru
How phishing with progressive web apps (PWA) works | Kaspersky Blog

A security researcher using the handle mr.d0x published a post describing a new technique that can be used for phishing and, probably, for other malicious activity as well.

This technique exploits so-called progressive web apps (PWA, progressive web app).

What progressive web apps are

Progressive web apps are one way of developing applications using web technologies.

But even that is not so hard to do if you use the right words and interface elements.

Moreover, a PWA is easier to make, since essentially it is just a phishing site with a few additions.

3 weeks, 2 days ago @ kaspersky.ru
SIEM and EDR for Russian mid-sized business | Kaspersky Blog

SIEM architecture for mid-sized business

The architecture of different SIEM systems may vary somewhat, but the main elements are as follows:

Event sources: formally they are not part of the SIEM, but they supply the necessary information.

The winning combo: SIEM+EDR

A combination of Russian SIEM and EDR can be deployed effectively to protect a company from sophisticated cyberthreats using the Kaspersky SMART II solution, which combines Kaspersky Unified Monitoring and Analysis Platform and Kaspersky EDR Expert.

For example, Kaspersky EDR Expert, which is part of Kaspersky Smart II, can send to the SIEM not only raw events but also threat detections related to sophisticated attacks.

Thanks to a lively user community, for the solutio…

3 weeks, 3 days ago @ kaspersky.ru
How to exclude your router from tracking via Wi-Fi Positioning System | Kaspersky Blog

This is an integral part of the Wi-Fi positioning system (WPS, Wi-Fi Positioning System).

They share the Internet over Wi-Fi, and tracking the terminal is equal to tracking the user's location.

The same applies to hotspots installed in motorhomes and on yachts; people who have moved house.

In the MIT researchers' experiments, a new router ended up in the WPS database within 2 to 7 days.

How to protect your router from WPS tracking

Both Apple and Google have a little-known tool that lets you exclude an access point from WPS databases.

3 weeks, 4 days назад @ kaspersky.ru
Хакеры могут взломать 59% паролей за один час | Блог Касперского
Хакеры могут взломать 59% паролей за один час | Блог Касперского Хакеры могут взломать 59% паролей за один час | Блог Касперского

Оказалось, что 59% изученных паролей могут быть взломаны менее чем за один час, и для этого понадобятся лишь современная видеокарта и немного знаний.

59% of passwords can be cracked in under an hour
In the study we tested password strength using both brute force and smart cracking algorithms.

can be cracked by smart algorithms in under a minute, 59% within one hour, and 67% in under a month; only 23% of passwords can be considered strong, meaning cracking them would take more than a year.

Also, fortunately, only a few passwords consisted solely of a dictionary word; practically all of those can be cracked within a minute.

In 4% of the passwords we processed, the following appeared in one form or another: 123451234…

3 weeks, 5 days ago @ kaspersky.ru
Group-IB Blog
latest post None
Cisco Security Blog
latest post 2 weeks, 2 days ago
Stopping Supply Chain Attacks with Cisco’s User Protection Suite

The Dinner Party Supply Chain Attack
A supply chain attack occurs when a bad actor gains access to an organization’s people and data by compromising a vendor or business partner.

Types of Supply Chain Attacks
Supply chain attacks can be understandably concerning for those in charge of cybersecurity within an organization.

According to Verizon’s 2024 Data Breach Investigations Report, breaches due to supply chain attacks rose from 9% to 15%, a 68% year-over-year increase.

Secure Access: Secure Access ensures that your users safely access both the internet and private applications.

To learn more about how the User Protection Suite can protect your organization today, see the Cisco User Protecti…

2 weeks, 2 days ago @ blogs.cisco.com
Digital Forensics for Investigating the Metaverse

Decentralization and jurisdictions: The decentralized nature of many metaverse platforms can lead to jurisdictional complexities.

This diversity significantly affects the investigation of metaverse platforms, as each requires unique methods, tools and approaches for forensic analysis.

An example illustrating metaverse forensic complexities: a rare digital painting goes missing from a virtual museum.

Metaverse Platforms, including different apps and digital assets in the metaverse.

This approach helps in understanding the interaction between the client and the server during the operation of metaverse platforms.

2 weeks, 4 days ago @ blogs.cisco.com
Exciting News: CDO India and CDO Australia Now Generally Available!

We are thrilled to announce that Cisco Defense Orchestrator (CDO) is now generally available in two new regions: India and Australia.

CDO India offers the same comprehensive capabilities as our other CDO regions, providing a seamless and efficient security management experience.

CDO Australia
Similarly, we are pleased to announce that CDO Australia is now live and available.

Just like our other regions, CDO Australia offers the same powerful security management capabilities, ensuring that our customers receive top-notch service and support.

Both new regions, India and Australia, are fully equipped with all the features and functionalities that our customers have come to expect from CDO.

2 weeks, 6 days ago @ blogs.cisco.com
Security Cloud Control: Pioneering the Future of Security Management

When considering Unified Security Management (USM), the goal is to have a seamless management experience.

We aim to streamline security management processes, strengthen defenses with advanced Zero Trust and vulnerability protection, and offer clear, actionable insights through AI-driven intelligence.

Our partnership with Splunk represents a significant leap forward in streamlining security operations.

This collaborative effort simplifies the management of security operations, providing Security Operations Center (SOC) teams with a superior, streamlined, and more effective method for protecting their digital landscapes.

We are dedicated to alleviating the customer’s burden by offering a Unifie…

3 weeks, 2 days ago @ blogs.cisco.com
Enhancing AI Security Incident Response Through Collaborative Exercises

I had the privilege of participating in an AI Security Incident tabletop exercise led by the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC).

The Objective
The primary goal of this tabletop exercise was to support the development of an “AI Security Incident Collaboration Playbook”.

This playbook, set to be published later this year, aims to enhance AI security incident response coordination between the U.S. government, industry, and global partners.

The insights gained from this exercise will directly inform the creation of the AI Security Incident Collaboration Playbook.

Stay tuned for the release of the AI Security Incident Collaboration P…

3 weeks, 2 days ago @ blogs.cisco.com
Up your Quality of Life with Secure MSP Hub and Secure MSP Center

MSP Center is our simplified, usage-based, post-paid buying model where you, as an MSP, sign up once to get access to the Security portfolio.

Customer Management – The customer management feature on MSP Hub streamlines the customer onboarding process for multiple products in a single place.

Technical Integrations – We are simplifying how our Cisco Security products can easily integrate with ecosystem partners in a simple 3 click process.

Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!


3 weeks, 3 days ago @ blogs.cisco.com
The State of Cloud Security Platforms and DevSecOps

Cisco recently partnered with TechTarget’s Enterprise Strategy Group (ESG) on a survey of IT, cybersecurity, and application development professionals, The State of Cloud Security Platforms and DevSecOps (April 2024), to better understand the scope of cloud native application development environments and how organizations are protecting cloud infrastructure and applications.

Close to half of all organizations plan to deploy DevSecOps to mitigate security issues and runtime misconfigurations found in cloud applications.

Investing in the future
Organizations overwhelmingly agree that purchase of cloud security platforms and DevSecOps over the next year is required, not optional.

This investmen…

3 weeks, 5 days ago @ blogs.cisco.com
How to Monitor Network Traffic: Findings from the Cisco Cyber Threat Trends Report

One great area to look for trends is in malicious DNS activity.

In our latest report, Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette, we take the extraordinary volume of malicious domains that Cisco sees and blocks—over 1 million every hour—and examine it for malicious trends and patterns.

This data comes to us thanks to the DNS-layer security that is available in Cisco Umbrella and Cisco Secure Access.

These are just a couple examples of trends from the Cyber Threat Trends Report.

Learn more
Download the full report for more key insights on the current threat landscape: Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette. Learn more about the find…

3 weeks, 5 days ago @ blogs.cisco.com
Stay Compliant: Cisco Secure Workload Introduces State-of-the-art, Persona-based Reporting

Workload security tools draw the attention of diverse cohorts, united by a mission: fortifying hybrid cloud workloads.

In a market filled with disparate tools, Secure Workload offers a tailored reporting solution that revolutionizes how SecOps, Network Administrators, and CxOs interact with their workload security solution.

For example, SecOps teams require detailed insights into Cisco Security Risk scores, workload vulnerabilities, and the effectiveness of security policies.

Ready to experience the power of informed decision-making with Secure Workload Reporting?

Whether you’re upgrading to Secure Workload 3.9 or starting fresh, embark on a journey of unparalleled security for your hybrid …

3 weeks, 6 days ago @ blogs.cisco.com
Bolster SaaS Security Posture Management with Zero Trust Architecture

According to AppOmni’s 2023 State of SaaS Security report, 79% of organizations reported a SaaS security incident during the preceding 12-month period.

Security Service Edge (SSE) solutions with Zero Trust Network Access (ZTNA) are a common way to securely connect the hybrid workforce to cloud applications.

This article describes how Cisco and AppOmni have teamed to extend zero trust principles to secure SaaS applications and data with a closed loop zero trust architecture.

These capabilities are collectively called Zero Trust Posture Management (ZTPM) for SaaS applications.

Next Steps
Customers interested in extending zero trust to their SaaS applications can contact AppOmni or Cisco to exp…

1 month ago @ blogs.cisco.com
Operationalizing our custom “SOC in a Box” at the RSA Conference 2024

Ever had to stand up a Security Operations Center (SOC) in two days?

Here is what our custom “SOC in the Box” looked like wired up and fully operational, connected to the Moscone NOC and NetWitness Platform.

Our custom “SOC in a Box” was one of the highlights of the SOC tours and generated quite a bit of excitement around Cisco Security!

Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!


1 month ago @ blogs.cisco.com
Cisco ISE 3.4 begins June with a bang

Common Policy = Common language
It’s still in Beta release now, but the first iteration of Common Policy is expected to be available to the general public in the Fall.

The normalized user, device, and app workload context is sent to each domain using Cisco ISE as the exchange hub.

Cisco ISE Reboot reduction time
It doesn’t happen very frequently but when Cisco ISE reboots, it can take a little bit of time.

In all, there are 15 new features that Cisco ISE 3.4 premiered this month, but these are just a couple of the highlights.

So while school’s out for some, Cisco ISE 3.4 is in for all!

1 month ago @ blogs.cisco.com
Cisco Simplifies Cloud Security with AWS Cloud WAN Service Insertion

This feature enables customers to integrate their Cisco security services into their network with AWS Cloud WAN, significantly simplifying how they add security into their network.

With the release of AWS’ service insertion feature as part of Cloud WAN, I am pleased to announce Cisco Secure Firewall Threat Defense Virtual and Cisco Multicloud Defense support AWS Cloud WAN.

Benefits of Cisco cloud firewalls with Cloud WAN
Utilizing Cisco cloud firewalls in conjunction with AWS Cloud WAN to enhance the protection of global network traffic offers customers significant operational benefits: Unified Infrastructure for Security and Global Networking: AWS Cloud WAN offers a unified infrastructure de…

1 month ago @ blogs.cisco.com
Forrester Names Cisco a Leader in OT Security

Today, I’m proud to share that Forrester Research named Cisco a Leader in the OT security market in their latest report, “The Forrester Wave™: Operational Technology Security Solutions, Q2 2024”.

Cisco Industrial Threat Defense is not just a “point product” for one piece of the OT security puzzle.

Comprehensive visibility into the industrial environment with Cisco Cyber Vision to understand the OT security posture and fuel security tools with OT context.


As we define the networking standards of the future, Cisco Industrial Threat Defense embeds these OT security features in industrial swit…

1 month ago @ blogs.cisco.com
Cisco Builds on the CNAPP Movement to Secure and Protect the Cloud Native Application Estate

For increased agility, scalability, and pace of innovation, modern businesses are building and adopting cloud native applications and practices.

Enter Cloud Native Application Protection Platforms (CNAPPs).

Taken together, these capabilities are creating a new and unified approach to securing the cloud native application estate.

Cisco Cloud Application Security is Transformative
Cisco Cloud Application Security is a unified security solution.

It combines cloud security posture management (CSPM), cloud workload protection (CWPP), API security, and infrastructure as code (IaC) security.

1 month ago @ blogs.cisco.com
Microsoft Security
latest post 3 days, 3 hours ago
Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations platform, now generally available

The Microsoft Entra Suite enables organizations to converge policies across identities, endpoints, and private and public networks with a unified access policy engine.

Our unified security operations platform brings together all the security signals your environment generates, then normalizes, analyzes, and uses them to proactively defend against cyberthreats.

The Microsoft Entra Suite unifies identity and network access security—a novel and necessary approach for Zero Trust security.

In addition, Microsoft Entra skills in Microsoft Copilot for Security help identity professionals respond more quickly to identity risks.

“The biggest benefit of the unified security operations platform has be…

3 days, 3 hours ago @ microsoft.com
Vulnerabilities in PanelView Plus devices could lead to remote code execution

Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS).

PanelView Plus devices are graphic terminals, also known as human machine interfaces (HMIs), and are used in the industrial space.

These vulnerabilities can significantly impact organizations using the affected devices, as attackers could exploit these vulnerabilities to remotely execute code and disrupt operations.

Limit access to CIP devices to authorized components only.

Defender for IoT raises alerts on unauthorized access to devices using CIP,…

1 week, 5 days ago @ microsoft.com
Mitigating Skeleton Key, a new type of generative AI jailbreak technique

In generative AI, jailbreaks, also known as direct prompt injection attacks, are malicious user inputs that attempt to circumvent an AI model’s intended behavior.

Introducing Skeleton Key
This AI jailbreak technique works by using a multi-turn (or multiple step) strategy to cause a model to ignore its guardrails.

Skeleton Key jailbreak technique causes harm in AI systems
This threat is in the jailbreak category, and therefore relies on the attacker already having legitimate access to the AI model.

Output filtering: Azure AI Content Safety post-processing filter that identifies and prevents output generated by the model that breaches safety criteria.


2 weeks, 4 days ago @ microsoft.com
Working with a cybersecurity committee of the board

To optimize the relationship, the security team needs to understand how the board and the cybersecurity committee work as well.

The cybersecurity committee will have a mandate, vetted and granted by the board members and likely the chief executive officer (CEO).

Working with the cybersecurity committee and the board will involve communicating to a diverse group whose first expertise may not be information technology.

The reporting of the cybersecurity committee to the board is also confidential.

Get started with committee collaboration
The formation of a cybersecurity committee as part of a company’s board will mean more scrutiny of the IT security function.

2 weeks, 4 days ago @ microsoft.com
How to boost your incident response readiness

How the Microsoft Incident Response team helps customers remediate threats: Read the blog
This blog post, informed by insights from the Microsoft Incident Response team, will guide you through some key considerations of incident response readiness, structured through the people, process, and technology framework.

Microsoft Incident Response: Dedicated experts work with you before, during, and after a cybersecurity incident.

Many organizations lack the personnel or capability to maintain an in-house incident response team and outsource with services like Microsoft Incident Response.

Driving incident response in your organization
Proactively preparing for incident response is essential given mode…

2 weeks, 5 days ago @ microsoft.com
Microsoft Defender Experts for XDR recognized in the latest MITRE Engenuity ATT&CK® Evaluation for Managed Services

Microsoft Defender Experts for XDR demonstrated excellent managed extended detection and response (MXDR) by unifying our human-driven services and Microsoft Defender XDR in the MITRE Engenuity ATT&CK® Evaluations: Managed Services menuPass + ALPHV BlackCat.

: Let our expert analysts manage your Microsoft Defender XDR incident queue and handle triage, investigation, and response on your behalf.

Proactive threat hunting : Extend your team’s threat hunting capabilities and prioritize significant threats with Defender Experts for Hunting built in.


Learn more about Micr…

3 weeks, 5 days ago @ microsoft.com
Microsoft Incident Response tips for managing a mass password reset

This blog post delves into the processes and technologies involved in managing a mass password reset, in alignment with expert advice from Microsoft Incident Response.

Here are a few of the first questions we ask: When should you perform a mass password reset?

Microsoft Incident Response: Dedicated experts work with you before, during, and after a cybersecurity incident.

For a more in-depth look at scenarios that may require mass password reset, read our technical post.

Learn more
Learn more about Microsoft Incident Response and Microsoft Entra.

1 month ago @ microsoft.com
How to achieve cloud-native endpoint management with Microsoft Intune

This is the final blog post in our series highlighting the increasing benefits of becoming fully cloud-native in endpoint management with Microsoft Intune.

In our first post, we talked about why more of our customers are migrating to cloud-native endpoint management.

That means going cloud-native and moving endpoint management to Intune.

It also requires a re-imagining of security, policies, and approaches to endpoint management.

Find the Intune Tech Community, and engage our Intune customer success team on X or their Tech Community page.

1 month ago @ microsoft.com
AI jailbreaks: What they are and how they can be mitigated

Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human and the AI model(s).

This blog will provide an understanding of what AI jailbreaks are, why generative AI is susceptible to them, and how you can mitigate the risks and harms.

You can learn more about AI jailbreak techniques in our AI red team’s Microsoft Build session, How Microsoft Approaches AI Red Teaming.

Mitigation and protection guidance
To mitigate the potential of AI jailbreaks, Microsoft takes a defense-in-depth approach when protecting our AI systems, from models hosted on Azure AI to each Copilot solution we offer.

You can also use Azure AI Studio to begin the …

1 month, 1 week ago @ microsoft.com
The four stages of creating a trust fabric with identity and network security

In this blog post, we’ll explore how any organization—large or small—can chart its own path toward establishing their own digital trust fabric.

Stage 1: Establish Zero Trust access controls
“Microsoft enabled secure access to data from any device and from any location.

Check your Microsoft Entra recommendations and Identity Secure Score to measure your organization’s identity security posture and plan your next steps.

Microsoft Entra: Protect any identity and secure access to any resource with a family of multicloud identity and network access solutions.

Learn more about securing access across identity, endpoint, and network to accelerate your organization’s trust fabric implementation on our…

1 month, 1 week ago @ microsoft.com
Microsoft is again named the overall leader in the Forrester Wave for XDR

Microsoft Defender XDR was rated the highest possible in 15 out of 22 evaluation criteria, including Endpoint Native Detection, Surface Investigation, Threat Hunting, Analyst Experience, Vision, and Innovation.

Microsoft Defender XDR: Elevate your security with unified visibility, investigation, and response.

Learn more about Microsoft Defender XDR.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc.

1 month, 1 week ago @ microsoft.com
Microsoft is named a leader in the Forrester Wave for XDR

Microsoft Defender XDR was rated the highest possible in 15 out of 22 evaluation criteria, including Endpoint Native Detection, Surface Investigation, Threat Hunting, Analyst Experience, Vision, and Innovation.

Microsoft Defender XDR: Elevate your security with unified visibility, investigation, and response.

Learn more about Microsoft Defender XDR.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc.

1 month, 1 week ago @ microsoft.com
Google Online Security Blog
latest post 2 weeks, 3 days ago
Sustaining Digital Certificate Security - Entrust Certificate Distrust

The Chrome Security Team prioritizes the security and privacy of Chrome’s users, and we are unwilling to compromise on these values.

The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.

Apple policies prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.

Website operators can determine if they are affected by this issue by using the Chrome Certificate Viewer.

Beginning in Chrome 127, enterprises can override Chrome Root Store constraints like those described for Entrust in this blog post by installing the …

2 weeks, 3 days ago @ security.googleblog.com
Virtual Escape; Real Reward: Introducing Google’s kvmCTF

To this end we are excited to announce the launch of kvmCTF, a vulnerability reward program (VRP) for the Kernel-based Virtual Machine (KVM) hypervisor first announced in October 2023.

Google is an active contributor to the project and we designed kvmCTF as a collaborative way to help identify & remediate vulnerabilities and further harden this fundamental security boundary.

Similar to kernelCTF, kvmCTF is a vulnerability reward program designed to help identify and address vulnerabilities in the Kernel-based Virtual Machine (KVM) hypervisor.

Finally, given how critical a hypervisor is to overall system security, kvmCTF will reward various levels of vulnerabilities up to and including code …

2 weeks, 3 days ago @ security.googleblog.com
Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge

OSS-Fuzz is free, open source, and its projects and infrastructure are shaped very similarly to AIxCC challenges.

Competitors can easily reuse its existing toolchains, fuzzing engines, and sanitizers on AIxCC projects.

To enable kernel fuzzing, we followed a similar approach to an older blog post from Cloudflare.

Some changes to Cloudflare’s harness were required in order for this to be pluggable with the provided kernel challenges.

AIxCC challenges come with their own main() which takes in a file path.

2 weeks, 5 days ago @ security.googleblog.com
Staying Safe with Chrome Extensions

Chrome extensions can boost your browsing, empowering you to do anything from customizing the look of sites to providing personalized advice when you’re planning a vacation.

Just type “run safety check” in Chrome’s address bar and select the corresponding shortcut: “Go to Chrome safety check.”
Figure: User flow of removing extensions highlighted by Safety Check.

In 2024, less than 1% of all installs from the Chrome Web Store were found to include malware.

We're proud of this record and yet some bad extensions still get through, which is why we also monitor published extensions.

Monitoring published extensions
The same Chrome team that reviews extensions before they get published also reviews extensio…

3 weeks, 3 days ago @ security.googleblog.com
Time to challenge yourself in the 2024 Google CTF

It’s Google CTF time!

Join the Google CTF (at goo.gle/ctf), a thrilling arena to showcase your technical prowess.

The Google CTF consists of a set of computer security puzzles (or challenges) involving reverse-engineering, memory corruption, cryptography, web technologies, and more.

The prize pool for this year’s Google CTF and Hackceler8 stands at more than $32,000.

Sign up for the Google CTF to expand your skill set, meet new friends in the security community, and even watch the pros in action.

1 month ago @ security.googleblog.com
On Fire Drills and Phishing Tests

In this blog, we will analyze the modern practice of Phishing “Tests” as a cybersecurity control as it relates to industry-standard fire protection practices.

This study with 14,000 participants found a counterproductive effect of phishing tests, showing that “repeat clickers” will consistently fail tests despite recent interventions.

Some (e.g., FedRAMP) phishing tests require bypassing existing anti-phishing defenses.

At larger enterprises with multiple independent products, people can end up with numerous overlapping required phishing tests, causing repeated burdens.

In short, we need to stop doing phishing tests and start doing phishing fire drills.

1 month, 3 weeks ago @ security.googleblog.com
I/O 2024: What’s new in Android security and privacy

And as their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe.

Google Play Protect live threat detection

Google Play Protect now scans 200 billion Android apps daily, helping keep more than 3 billion users safe from malware.

The detection of suspicious behavior is done on device in a privacy preserving way through Private Compute Core, which allows us to protect users without collecting data.

This is helpful for apps that want to hide sensitive information from other apps and protect users from scams.

2 months ago @ security.googleblog.com
Google and Apple deliver support for unwanted tracking alerts in Android and iOS

Google and Apple have worked together to create an industry specification – Detecting Unwanted Location Trackers – for Bluetooth tracking devices that makes it possible to alert users across both Android and iOS if such a device is unknowingly being used to track them.

This will help mitigate the misuse of devices designed to help keep track of belongings.

Google is now launching this capability on Android 6.0+ devices, and today Apple is implementing this capability in iOS 17.5.

If a user gets such an alert on their Android device, it means that someone else’s AirTag, Find My Device network-compatible tracker tag, or other industry specification-compatible Bluetooth tracker is moving with …

2 months ago @ security.googleblog.com
Your Google Account allows you to create passkeys on your phone, computer and security keys

Passkeys and security keys

Passkeys are an evolution of security keys, meaning users get the same security benefits, but with a much simplified experience.

By storing the passkey on a security key, users can ensure that passkeys are only available when the security key is plugged into their device, creating a stronger security posture.

Security keys provide an alternate way to use your passkeys across your devices: by bringing your security keys with you.

This replaces your remotely stored password with the PIN you used to unlock your security key, which improves user security.

However, users are still required to present two security keys when enrolling into the program.

2 months, 1 week ago @ security.googleblog.com
Detecting browser data theft using Windows Event Logs

Background

Chromium-based browsers on Windows use the DPAPI (Data Protection API) to secure local secrets such as cookies, passwords, etc.

This event was added to the Microsoft-Windows-Crypto-DPAPI stream which manifests in the Event Log in the Applications and Services Logs > Microsoft > Windows > Crypto-DPAPI part of the Event Viewer tree.

Here is the Chrome browser launching from explorer:

4688 2 0 13312 0 0x8020000000000000 78258343 Security WIN-GG82ULGC9GO.contoso.local S-1-5-18 WIN-GG82ULGC9GO$ CONTOSO 0xe8c85cc 0x17eac C:\Program Files\Google\Chrome\Application\chrome.exe %%1938 0x16d8 "C:\Program Files\Google\Chrome\Application\chrome.exe" S-1-0-0 - - 0x0 C:\Windows\explorer.exe…

2 months, 2 weeks ago @ security.googleblog.com
How we fought bad apps and bad actors in 2023

A safe and trusted Google Play experience is our top priority.

The Alliance will support industry-wide adoption of app security best practices and guidelines, as well as countermeasures against emerging security risks.

This new capability has already detected over 5 million new, malicious off-Play apps, which helps protect Android users worldwide.

Looking Ahead

Protecting users and developers on Google Play is paramount and ever-evolving.

We're launching new security initiatives in 2024, including removing apps from Play that are not transparent about their privacy practices.

2 months, 2 weeks ago @ security.googleblog.com
Accelerating incident response using generative AI

Using generative AI we could write summaries 51% faster while also improving the quality of them.

Our incident response approach

When suspecting a potential data incident, for example, we follow a rigorous process to manage it.

Closure: After the remediation efforts conclude and the data incident is resolved, review the incident and the response to identify key areas for improvement.

Continuous improvement: This is crucial for the development and maintenance of incident response programs.

This experiment showed that generative AI can evolve beyond high level summarization and help draft complex communications.

2 months, 2 weeks ago @ security.googleblog.com
Uncovering potential threats to your web application by leveraging security reports

In this blog post, we'll share how the Google security team uses the Reporting API to detect potential issues and identify the actual problems causing them.

Note that in a typical roll out, we iterate steps 1 through 3 to ensure that we have triaged all violation reports.

With the Reporting API, we have the ability to run this cycle using a unified reporting endpoint and a single schema for several security features.

Most reports generated via the Reporting API are violation reports, but not all — other types include deprecation reports and crash reports.

Over the years, Google has developed a number of techniques to collect, digest, and summarize violation reports into root causes.

2 months, 3 weeks ago @ security.googleblog.com
Prevent Generative AI Data Leaks with Chrome Enterprise DLP

Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks.

In this blog post, we'll explore reporting and enforcement policies that enterprise security teams can implement within Chrome Enterprise Premium for data loss prevention (DLP).

Chrome Enterprise DLP rules give IT admins granular control over browser activities, such as entering financial information in Gen AI websites.

As enterprises work through their policies and processes involving GenAI, Chrome Enterprise Premium empowers them to strike the balance that works best.

Learn more about how Chrome Enterprise can secure businesses just like yours here.

2 months, 3 weeks ago @ security.googleblog.com
How we built the new Find My Device network with user security and privacy in mind

How location crowdsourcing works on the Find My Device network

The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices.

Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag.

With end-to-end encrypted location data, Google cannot decrypt, see, or otherwise use the location data.

The Find My Device network is also compliant with the integration version of the joint industry standard for unwanted tracking.

We have an unwavering commitment to continue to improve user protections on Find My Device and prioritize user safety.

3 months, 1 week ago @ security.googleblog.com