Производитель ПО для работы с виртуальными машинами уже подготовил фикс, теперь дело за клиентами компании.

Запрет связан с опасениями за национальную безопасность Королевства.

Хакеры получили доступ к данным сотрудников и вынудили работников взяться за ручки.

CISA выпустила Untitled Goose Tool — инструмент для обнаружения признаков вредоносной активностиAlexander AntipovАгентство уже засекло хакерскую деятельность в облачных сервисах Microsoft.

Агентство США по кибербезопасности и безопасности инфраструктуры (CISA) вчера, 23 марта, выпустило новый инструмент реагирования на киберинциденты, способный обнаруживать признаки вредоносной активности в облачных средах Microsoft.

Инструмент разработан в сотрудничестве с Sandia, национальной лабораторией Министерства энергетики США, и может выгружать данные телеметрии из сред Azure Active Directory, Microsoft Azure и Microsoft 365.

Запрашивать, экспортировать и исследовать конфигурации AAD, Microsoft 365…

Новый вариант инструмента Mimikatz, известные бэкдоры и повышенный интерес к Ближнему Востоку.

Злоумышленники начали транслировать видео с Илоном Маском и распространять мошенническую рекламу криптовалюты.

Парижские игры станут экспериментом по использованию ИИ для видеонаблюдения.

Защита вашей конфиденциальности в Интернете имеет решающее значение в современном мире. Помимо всех способ защиты, необходимо обеспечить, чтобы ваше местоположение не стало известно третьим лицам.

Microsoft исправила уязвимость инструмента «Ножницы» в последней инсайдерской сборке Windows 11Alexander AntipovСкоро обновление станет доступно всем пользователям свежей Windows.

Вслед за уязвимостью встроенного редактора изображений в Google Pixel стало известно, что встроенный в Windows 11 инструмент «Ножницы», также известный «Фрагмент и набросок», тоже подвержен уязвимости aCropalypse.

Как стало известно сегодня, Microsoft уже тестирует обновлённые «Ножницы» версии 11.2302.20.0 в Windows 11 Insider Preview, доступной энтузиастам и прочим отверженным фанатам Windows.

В течение нескольких недель обновлённый инструмент должен будет попасть в релизную ветку Windows 11 и станет доступен все…

Рассмотрим, какие меры можно принять для снижения рисков несанкционированного доступа и как это поможет защитить конфиденциальные данные компании от утечек и успешных атак.

Практически невозможно отследить, кто именно использует учётную запись и каким лицам она передаётся, что в свою очередь влечёт за собой ещё большие риски для компании.

С помощью привилегированной учётной записи злоумышленник получает доступ к широкому спектру критически важных для компании информационных систем, где хранятся важные данные, поэтому такого рода пользователи являются одной из главных мишеней для злоумышленника.

Передача учётной записи третьим лицам по незнанию или в надежде на порядочность коллеги или партн…

Насколько успешно идёт процесс импортозамещения в секторе WAF, как сегодня внедрять и выбирать брандмауэры веб-приложений и что смогут предложить клиентам такие системы в будущем?

В нашей практике после начала использования WAF, в том числе со сканированием, с уязвимостями, с обнаружениями, многие заказчики понимали, что в прошлом их уже взламывали.

Анастасия Афонина, операционный директор компании «Вебмониторэкс»Как изменился рынок WAF в прошлом годуЧто произошло с российским рынком WAF в 2022 году после ухода западных вендоров?

Многие заказчики готовы разворачивать WAF в облаке, но считают публичные облачные сервисы недостаточно безопасными.

Итоги онлайн-конференцииФинальный опрос зрителе…

ВведениеМногие серьёзные инциденты и нарушения информационной безопасности связаны с неправомерным использованием учётных данных пользователей и несанкционированным доступом к информационным ресурсам.

Также применяются технологии PAM, которые контролируют работу пользователей с расширенными правами и привилегиями в информационных системах, приложениях, базах данных, на серверах и других объектах ИТ-инфраструктуры.

Разграничивать и предоставлять минимально-достаточные права доступа только к определённым ресурсам и на определённое время на основе утверждённых правил и политик.

Дав им доступ на продуктивный сервер, мы, конечно же, хотим знать, что они на нём делают, какие операции выполняют.

О…

Запуск некогда популярных 32-разрядных программ для iOS долгое время представлял головную боль для обычных пользователей.

Прежде всего оно привлекательно для геймеров, позволяя им запускать старые игры для iOS, чего они были лишены уже более 10 лет.

Его версия для iOS не требует создания локальной версии самой платформы iOS на устройстве запуска.

Пожалуй, самым популярным эмулятором для iOS и запуска на настольных системах (Windows, Mac и Linux) является Smartface.

ВыводыНовый эмулятор touchHLE для iOS сделал невозможное: он позволил легально запускать игры на платформе iOS в режиме эмуляции.

Кластер Kaspersky Scan Engine с централизованным управлениемФактически, кластер Kaspersky Scan Engine — это набор его экземпляров, которые используют единую базу данных.

Управление профилями экземпляров кластера Kaspersky Scan EngineСистемные требования Kaspersky Scan EngineKaspersky Scan Engine может работать под управлением как ОС Linux, так и ОС Windows (7 и выше / Server 2008 R2 и выше).

В Kaspersky Scan Engine предусмотрена возможность настройки индивидуальных правил в рамках ICAP-режима в зависимости от типа и результата сканирования.

ВыводыKaspersky Scan Engine 2.1 является удобным и легко встраиваемым в корпоративные системы средством обнаружения киберугроз и борьбы с ними.

Kaspersk…

Как итог, PT XDR может предложить ИБ- и SOC-командам решение для мониторинга угроз в сети организации и реагирования на них, а также возможность работы над ошибками и поиска уязвимых мест в инфраструктуре.

Модули сбора передают данные о событиях в модули обнаружения и в сторонние системы через сервер агентов.

Интеграция: отправка событий на Syslog-сервер и в MaxPatrol SIEM, отправка отчётов в MaxPatrol VM, проверка файлов в PT Sandbox, отправка в иные внешние системы.

Отметим, что PT XDR передаёт вердикты PT Sandbox другим подключённым агентам, обеспечивая проактивную защиту.

При этом PT XDR анализирует множество потоков данных из различных источников и на их основе повышает корректность ср…

Согласно исследованию российского рынка информационной безопасности, проведённому Anti-Malware.ru, сегмент защиты данных в 2020 году оценивался в 7,6 млрд рублей.

Рынок защиты данных в России по сегментам в 2020 годуИсторически, значительную часть потребностей российского рынка в виртуальных комнатах данных закрывали зарубежные компании.

Обзор мировых систем безопасного хранения данных и обмена имиAnsaradaПроизводитель — компания из Сиднея, основанная в 2005 году.

Интерфейс системы iDealsОсобенности:Удобное ценообразование как для малого и среднего бизнеса, так и для крупных компаний и холдингов.

Обзор российских систем безопасного хранения данных и обмена имиEveryTagКомпания «ЭвриТег» была…

Шаг второй: определение объектов воздействияФактически шаг 1 и шаг 2 представляют собой ручную проверку актуальности содержимого перечней, которая осуществляется экспертно.

В любом случае последние этапы определения актуальных угроз и их связь со сценариями являются слабым местом методики, поскольку их невозможно связать автоматически без значительного упрощения.

Кроме того, в новом перечне отсутствует разделение на внутренних и внешних нарушителей, в отличие от старой методики.

Это приводит к вопросу: планируется строить защиту системы от угроз или от способов их реализации?

Можно ли будет использовать инструмент в качестве однозначно корректного генератора моделей угроз, который однозначн…

В опросе приняли участие более 1000 специалистов и руководителей ИТ и ИБ, работающих в государственных, коммерческих и некоммерческих организациях во всех сферах экономики.

Варианты обучения сотрудников основам ИБ-грамотности («СёрчИнформ», 2023)Проведённое исследование позволило получить общее представление о том, как сейчас организовывается процесс корпоративного обучения ИБ в России.

В то же время многие респонденты отметили, что на тренингах не следует слишком сильно углубляться в технические детали, связанные с ИБ.

В их число не вошли те 5 %, которые заявили, что не знают, предусмотрен в компании какой-либо контроль за результатами участия в тренингах или нет.

Темы обучения сотрудников…

Мировой рынок криптошлюзовСогласно исследованию компании Global Market Insights, ожидается, что к 2032 году VPN с удалённым доступом принесёт около 50 % прибыли.

Согласно исследованию Anti-Malware.ru, в 2020 году объём продаж VPN-шлюзов в России составил 5 млрд рублей (14,4 % рынка сетевой безопасности).

Реализация криптографических функций осуществляется по ГОСТ 28147-89, ГОСТ Р 34.12-2015, ГОСТ Р 34.13-2015, ГОСТ Р 34.10-2012, ГОСТ Р 34.11-2012 и требованиям ФСБ России.

Криптографическая защита и фильтрация распространяются как на трафик подсетей, проходящий через шлюз, так и на его собственный поток данных.

Поддержка L3 VPN и L2 VPN.

Каково место продуктов класса Distributed Deception Platform (DDP) среди других средств информационной безопасности?

Эти и другие вопросы мы обсудили на очередной онлайн-конференции AM Live с представителями российских вендоров и системных интеграторов, специализирующихся на DDP.

DDP используется для того, чтобы на этапе бокового перемещения завести злоумышленника не на реальную инфраструктуру, а на ложные объекты.

По словам спикеров, спрос на DDP в последнее время постоянно растёт.

Полезным вариантом «пилотирования» является проведение пентеста, который способен наглядно показать полезность Distributed Deception Platform для информационной безопасности компании.

Расскажем о причинах актуальности таких решений для России и о том, почему Gartner назвала EASM трендом на ближайшие 5–10 лет.

Что такое EASM, почему это стало мировым трендом и актуально ли это для России — рассказывает Владимир Иванов, генеральный директор ScanFactory.

Через уязвимости на периметре злоумышленники проникают во внутреннюю сеть и развивают атаки на критически важные ресурсы организации.

Что такое External Attack Surface Management (EASM)Агентство Gartner создало категорию «управление площадью атак извне» (External Attack Surface Management, EASM) в 2021 году.

EASM — это класс решений, которые обнаруживают и сканируют все публичные активы компании, находят там уязвимости и пр…

Расскажем об эффекте выявления угроз, полученном с помощью Kaspersky EDR Optimum и Kaspersky Sandbox.

Эффект даёт комбинация продуктов Kaspersky EDR Optimum и Kaspersky Sandbox, которая обеспечивает автоматизированное обнаружение угроз путём анализа в изолированной среде.

Совсем скоро, 14 марта 2023 г. в 11:00 по московскому времени, компания Wone IT — платиновый партнёр «Лаборатории Касперского» — проведёт вебинар с реальной демонстрацией продуктов: «Обнаружение угроз путём анализа в изолированной среде с помощью Kaspersky EDR Optimum и Kaspersky Sandbox».

Добавление нужных элементовИтак, мы активировали и настроили функциональность Kaspersky EDR Optimum вместе с Kaspersky Sandbox.

Более п…

Dozor Endpoint Agent для ОС Windows — один из представленных на российском рынке полнофункциональных продуктов для мониторинга и контроля деятельности пользователей рабочих станций.

Интерфейс Solar Dozor: примеры экрановКонтроль действий сотрудников на рабочих станциях с помощью Dozor Endpoint Agent для WindowsДля контроля действий пользователей на рабочих станциях в Solar Dozor применяется отдельный модуль — Dozor Endpoint Agent (агент).

Пример: в одной из крупнейших в РФ действующих инсталляций Solar Dozor — в «СберБанке» — эксплуатируется 250 тыс.

Интерфейс Solar Dozor, карточка сотрудника: сведения об устройствах и попытках их подключенияКонтроль печатиС помощью Dozor Endpoint Agent для…

Задачи авторизации, которые надо решить в банкеДавайте пробежимся по списку проблем и задач, связанных с авторизацией и аутентификацией в больших банках.

И для каждого случая нам приходилось писать интеграционные адаптеры и где-то их размещать.

С Keycloak появляется единый центр авторизации и аутентификации: для пользователей банка, клиентов банка, систем банка и сервисов банка, находящихся в рамках различных систем.

Теперь расскажу про платформу и Keycloak, и как там у нас все работает.

– Предположим, в одном приложении пользователь входит по логину и паролю, во втором по номеру телефона и SMS, а в третьем по паролю и двухфакторной авторизации, это будут разные пользователи?

IAMeter: что это и зачемМы выложили в открытый доступ на GitHub новую версию IAMeter — уязвимого приложения, созданного специально для оценки эффективности SAST-анализаторов.

XXE.phpТак, после отключения загрузки внешних сущностей на строке 4 вызов XML-парсера, пусть и с потенциально зараженными данными, на строке 5 является безопасным.

StringSemantics.phpВ первом случае, на строке 25, все символы строки заменяются на безопасный символ, поэтому уязвимости на строке 26 нет, в отличие от примера на строке 30, где на безопасный заменяется только один конкретный символ.

Невалидный код не может быть уязвимым, однако анализаторы, которые это игнорируют, найдут уязвимость в строке 17.

🔸Предлагаем …

Автор статьи: Александр Колесников Вирусный аналитикСтатья расскажет о том, какие инструменты существуют для анализа форматов файлов и на практике продемонстрирует как можно анализировать данные, которые помещены в какой-то формат.

В статье будем анализировать простые примеры файлов, чтобы можно было производить экспресс анализ.

Форматы файлов и быстрый анализИсследование любого формата файла начинается с процедуры его просмотра.

Hiew, Hex 010 Java VM, UnicornПопробуем проанализировать несколько файлов, в к качестве примеров возьмем несколько файлов из вот этого ресурса.

Судя по всему приложение что-то смогло найти, попробуем достать:Таким образом можно поверхностно и быстро анализировать ф…

На рисунке 1 представлена статистика атак на RDP.

Рост числа атак на RDP в марте 2020Таким образом, протокол RDP становится всё более востребованным в том числе и для злоумышленников.

В данной статье описаны основные виды атак на RDP, уязвимости и способы их эксплуатации, а также предложены некоторые рекомендации по повышению уровня защищенности RDP.

Помимо приведенных выше способов доступность службы RDP проверяется обычными утилитами:в Windows: mstscв Linux: freerdp:xfreerdp /f /u:ИМЯ-ПОЛЬЗОВАТЕЛЯ /p:ПАРОЛЬ /v:ХОСТ[:ПОРТ]Далее перейдем с основным видам атак на RDP и уязвимостям.

На рисунке 28 представлен демонстрационный стенд на Windows с включенной службой удаленного рабочего стола и ра…

Фишинг — это тип атаки, используемый киберпреступниками для получения конфиденциальной информации, такой как имена пользователей, пароли и номера кредитных карт.

Один из самых распространенных способов сделать это — создать поддельные веб-сайты, имитирующие настоящие, на доменных именах похожих на настоящие.

Обнаружение фишинговых доменов имеет важное значение для уменьшения количества возможных жертв мошенников.

Тема с обнаружением фишинга не маленькая и технические особенности описывать не стану.

Хорошими, но не единственными источниками новых доменных имен могут являться корневые зоны Centralized Zone Data Service, а также база ssl-сертификатов Certificate Transparency.

Это второй пост в нашей серии о проверяемо безопасных вычислениях, начало в статье о проверках прокси.

Многие производители процессоров предлагают подобные безопасные анклавы как для серверов, так и для домашних ПК.

Это означает, что мы не можем видеть данные, которые попадают в анклав, и вычисления, проходящие внутри него.

Что остановит Brave от того, чтобы заявить, что мы исполняем добросовестный код, но вместо этого запускать зловредный?

Теперь Алиса может раскрыть дату своего рождения приложению в анклаве, потому что она знает, что эти данные будут в безопасности.

Всё это не только для красоты и визуального удобства: по имени можно производить поиск, а цвет и теги указывать в качестве фильтров.

Кроме того, в расширенной лицензии можно настроить автоматическую синхронизацию групп пользователей из LDAP/AD с ролями в Пассворк.

Если в Пассворк вдруг будут происходить какие-то массовые подозрительные действия — это можно будет заметить в логеНаконец, куда без импорта и экспорта данных.

Пассворк распространяется как в виде готового Docker-контейнера, так и в виде дистрибутива для Linux и Windows Server.

С Пассворк можно работать через API, — это не особенно нужно обычному пользователю, зато полезно для автоматизации и Continuous Integration.

Напомним, как в нашем эксперименте все было устроено.

Аудит прав доступаТут все просто: нужно было сверить с эталонной матрицей доступов, как по факту распределены права пользователей.

Как раз об этом рассказывал выше: просто кликаешь по папке правой кнопкой мыши, и, как в режиме администрирования в ОС, переназначаешь права.

Мониторинг нарушенийЗаключительный этап – проверить, кто и что делает с файлами и не пытается ли обойти запреты.

Я привык ежедневно разбирать перехват, разбираться с тем, как сотрудники работают с конфиденциальными данными.

Схема запуска RAT, как и в прошлой версии, использует DLL Hijacking и приведена на рисунке:Опишем подробнее каждый этап.

Это изменение «ломает» вышеупомянутое yara-правило, так как базовые строки правила$base = "CLNTSRVRclient finished" ascii wide$base2 = "CLNTserver finished" ascii wideв wolfSSL версии ниже 4.4.0 выглядят по-другому:Для детектирования wolfSSL любых версий можем порекомендовать использовать жестко закодированные последовательности md5 inner pad и md5 outer pad, которые также используются при формировании Finished-сообщений и задаются в файле wolfssl/internal.c :Константа PAD_MD5 определена в файле wolfssl/internal.h :PAD_MD5 = 48, /* pad length for finished */Таким образом,…

Статья расскажет о специальностях, которые так или иначе относятся сегодня к информационной безопасности.

Основной акцент будет сделан на многообразии специализаций, которые формально могут не относиться к информационной безопасности, но их деятельность может быть использована для исследований, создания систем, которые будут помогать обеспечивать безопасность информации.

Информационная безопасность и вопрос обученияИнформационная безопасность - достаточно сложная и обширная дисциплина.

Дело в том, что образовательной программе по защите информации уже больше 20 лет, а всё, что связано с информационными технологиями, и в частности с информационной безопасностью, стремительно развивается.

Как…

Ключ и IV генерируются с помощью функции Rfc2898DeriveBytes с неким паролем и солью [1, 2, 3, 4, 5, 6, 7, 8] .

После шифрования в файл записывается пароль в XML-теге , который зашифрован RSA1024-OAEP и закодирован в Base64, после чего идет сам зашифрованный файл, закодированный в Base64.

Размер файла больше или равен 2 117 152 байтам, но меньше или равен 200 000 000 байтам.

Генерируется размер / 4 случайных байта и помещаются в файл в таком же формате, как в первом случае, со случайным зашифрованным паролем, делая файл теоретически невосстанавливаемым.

Генерируется случайное число байтов в промежутке от 200 000 000 до 300 000 000 и помещается в файл в таком же формате, как в первом случае,…

Она частый гость профильных подборок «Лучшие книги по Linux», и её можно найти в свободном доступе.

Также можем рекомендовать более продвинутые книги: The Linux Programming Interface и Learning Modern Linux от O’Reilly.

Языки программированияВ онлайн-сообществе freeCodeCamp составили дорожную карту для изучения JavaScript, HTML и CSS, но с майлстоунами и для других ЯП.

Начать знакомство с новым языком можно с профильной литературы.

Подробнее о Kubernetes и запуске приложений в облако можно узнать на нашем вебинаре Из других обязательных технологий — GitHub и Jenkins.

Вот шпаргалка по использованию Gitleaks:Установите Gitleaks: Вы можете установить Gitleaks на свою систему с помощью менеджера пакетов для вашей операционной системы или загрузив бинарный релиз со страницы Gitleaks на GitHub.

Настройте Gitleaks: Вы можете настроить Gitleaks, создав конфигурационный файл с правилами, которые вы хотите использовать.

Сканирование репозиториев: Вы можете сканировать репозитории с помощью Gitleaks, выполнив команду gitleaks --repo=<путь к репозиторию> из командной строки.

Игнорировать файлы или каталоги: Вы можете настроить Gitleaks на игнорирование определенных файлов или каталогов при сканировании репозиториев.

Для получения дополнительной информации вы можете…

В этой статье будет рассмотренно продолжение известной по прошлому году истории о подходе к обработке персданных в «Ситимобил».

В этой заметке я хочу показать свой взгляд пользователя на то, как происходит обработка изображений паспортов и персданных водителей в «Ситимобил» через 2.5 месяца после утечки.

Регистрация водителяВ середине февраля я решил попробовать зарегистрировать себя в качестве водителя в «Ситимобил».

В нем была представлена «Политика конфиденциальности в отношении обработки персональных данных конечного пользователя Приложения Ситимобил и Сервиса».

Про водителей и обработку персданных водителей в мобильном приложении «Ситистарт (работа в такси)» я в этом документе и на сай…

Разработчики Microsoft уже тестируют обновленную версию инструмента Snipping Tool («Ножницы») для Windows 11, в которой исправлена недавно обнаруженная уязвимость, получившая название aCropalypse.

Вскоре после раскрытия данных об оригинальной проблеме выяснилось, что эта уязвимость представляет опасность и для инструмента Snipping Tool («Ножницы») в Windows 10 и 11.

Эксперты продемонстрировали успешное восстановление изображений в формате PNG, и допустили, что то же самое можно проделать и с файлами JPG.

Как теперь сообщает издание Bleeping Computer, журналисты которого ранее тестировали проблему aCropalypse в Windows, разработчики Microsoft уже распространяют исправленный Snipping Tool для…

Google удалила из официального Chrome Web Store поддельное расширение для Chrome, которое маскировалось под официальный ChatGPT от OpenAI и был загружено более 9000 раз.

Дело в том, что расширение похищало cookie сеансов Facebook * и использовалось для захвата чужих учетных записей.

Вредоносное расширение было копией настоящего ChatGPT for Google и якобы предлагало интеграцию ChatGPT с результатами поиска.

Расширение было загружено в Chrome Web Store 14 февраля 2023 года, но автор начал продвигать его с помощью рекламы в поиске Google только 14 марта 2023 года.

Отмечается, что «угнанные» таким способом аккаунты в итоге использовались для распространения вредоносной рекламы и для продвижения…

Исследователи объясняют, что обычно злоумышленники взламывают сайты на базе Magento или WordPress, на которых работает WooCommerce, и внедряют вредоносный код JavaScript прямо в код магазина или на страницу оформления заказа.

Для приема банковских карт магазины используют системы процессинга платежей, например, Authorize.net (более 440 000 клиентов по всему миру).

Изучая атаку на своего клиента, аналитики Sucuri обнаружили, что злоумышленники изменили один из файлов Authorize.net (class-wc-authorize-net-cim.php), поддерживающих интеграцию платежного шлюза в среду WooCommerce.

Если платежные данные присутствуют в запросе, код злоумышленников генерирует случайный пароль, шифрует информацию же…

ИБ-исследователи сообщили, что в открытом доступе появилась вторая часть дампа, предположительно полученного из мобильного приложения бонусной программы «СберСпасибо» (spasibosberbank.ru).

В дампе так же содержатся номера телефонов, даты рождения, регистрации в сервисе, дата последнего входа, а также хэшированные номера карт.

Напомню, что в первом дампе содержится 100 092 292 уникальных хешей карт.

Выборочная проверка номеров банковских карт (через переводы с карты на карту) показала, что часть карт действительны, и перевод на них возможен, а на часть карт, видимо, уже неактивны, так как перевод на них невозможен.

В середине марта представители «СберСпасибо» уже сообщали СМИ, что проверят и…

Владельцам роутеров Netgear Orbi стоит убедиться, что их устройства работают с новейшей версией прошивки, так как в открытом доступе опубликованы PoC-эксплоиты для критических уязвимостей в старых прошивках.

Устройства Netgear Orbi и вспомогательные сателлиты для них предназначены для развертывания беспроводных ячеистых сетей с высокой пропускной способностью в офисах или жилых помещениях большой площади (например, в офисах, отелях или больших домах).

Это единственный из четырех багов, который не был устранен Netgear в январе, однако это не помешало специалистам Cisco опубликовать PoC-эксплоит и для него тоже.

Третья уязвимость, CVE-2022-36429, представляет собой проблему инъекций команд и …

ИБ-эксперты обнаружили, что уязвимость aCropalypse, позволяющая восстановить оригинал изображения отредактированного на устройстве Google Pixel (при помощи инструмента Markup), превращается в 0-day для Windows.

Оказалось, баг работает и для изображений, обрезанных при помощи Windows Snipping Tool («Ножницы»), то есть для этих картинок тоже можно восстановить ранее удаленный контент.

При открытии файла в Snipping Tool и перезаписи существующего файла, происходит то же самое, что и в Markup: вместо усечения неиспользуемых данных инструмент помещает неиспользуемые данные в конец файла, что в итоге позволяет частично восстановить их.

Отмечается, что не все файлы PNG подвержены этой проблеме, и …

По­лучить несан­кци­они­рован­ный дос­туп к чужому устрой­ству мож­но не толь­ко с исполь­зовани­ем USB-пор­тов, но и через Ethernet-соеди­нение, которых в сов­ремен­ных офи­сах пре­дос­таточ­но.

В этой статье мы под­робно рас­ска­жем, как зло­умыш­ленни­ки могут проб­рать­ся в локаль­ную сеть с помощью спе­циаль­ного «невиди­мого» девай­са и как этот девайс устро­ен.

При­чем под­клю­чит это хакер­ское устрой­ство не отклю­чая основное, а вкли­нив его «посере­дине».

d dhcpcd disableТе­перь необ­ходимо скон­фигури­ровать авто­мати­чес­кое объ­еди­нение интерфей­сов eth0 и eth1 в сетевой мост:/etc/network/interfacesiface eth0 inet manual iface eth1 inet manual auto br0 iface br0 inet dhcp 0 b…

Журналист и ведущий Ecuavisa был ранен, после того как получил по почте USB-флешку, а она взорвалась при подключении к компьютеру.

Такие же девайсы были отправлены еще как минимум пяти эквадорским журналистам.

По данным полиции, взорвалась только половина заложенного в USB-накопитель заряда, и исход мог быть более печальным, если бы все прошло, как планировали злоумышленники.

Полиция установила, что в накопителе содержалась взрывчатка, но из-за адаптера, использованного продюсером, активации заряда не произошло.

Исследователь говорит, что такие атаки, к сожалению, могут быть весьма эффективными для террористов.

Аналитики компании Check Point сообщили об обнаружении нового инжектора DotRunpeX, написанного на .NET и использующего Process Hollowing.

По данным специалистов, пока dotRunpeX находится в разработке, но уже защищен он анализа и обнаружения виртуализацией (адаптированная версия KoiVM) и обфускацией (ConfuserEx).

Анализ показал, что «каждый образец dotRunpeX содержит встроенную полезную нагрузку определенного семейства малвари для внедрения».

Это осуществляется благодаря злоупотреблению уязвимым драйвером procexp.sys, который встроен в dotRunpeX и позволяет добиться выполнения кода в режиме ядра.

Исследователи отмечают, что некоторые признаки указывают на связь dotRunpeX с русскоязычными зло…

На этой неделе Google открыла доступ к своему чат-боту Bard на базе ИИ (bard.google.com).

В компании подчеркивают, что пока Bard – это лишь эксперимент, и он может ошибаться и «галлюцинировать».

Например, чат-бот уже заявил, что обучался на данных из поиска Google, Gmail и других продуктов компании.

Как и любой генеративный ИИ, Bard может ошибаться и «галлюцинировать», что на ярком примере уже подтвердила специалистка Microsoft Research Кейт Кроуфорд (Kate Crawford).

В компании подчеркнули, что Bard не обучался на данных, полученных из Gmail.

Эксперты «Лаборатории Касперского» рассказали об атаке, обнаруженной в конце 2022 года и направленной на правительственные, сельскохозяйственные и транспортные организации, расположенные в регионах Донецка, Луганска и Крыма.

Если скачать такой архив и кликнуть на ярлык, на устройство проникнет бэкдор PowerMagic.

Он получает команды из удаленной папки, расположенной в публичном облаке, выполняет их и затем загружает результаты исполнения файлов обратно в облако.

PowerMagic внедряется в систему и остается в ней даже после перезагрузки зараженного устройства.

Загружает результат выполненной команды в облачное хранилище, помещая его в файл /$AppDir/$ClientResultDir/.<временная метка>.

Эксперты JFrog предупредили, что злоумышленники атакуют разработчиков .NET через пакеты из репозитория NuGet и заражают их системы малварью, ворующей криптовалюту.

Атакующие маскируют свои пакеты (три из них которых были загружены более 150 000 раз за месяц) под реально существующие популярные инструменты, используя тайпсквоттинг.

Исследователи отмечают, что большое количество загрузок может указывать на большое количество разработчиков, чьи системы были скомпрометированы, однако также нельзя исключать версию, что хакеры специально использовали ботов для искусственной накрутки «популярности» своих пакетов в NuGet.

Также отмечается, что злоумышленники использовали тайпсквоттинг при создании …

Оставшийся администратор сайта, Baphomet, сообщил, что правоохранительные органы могли получить доступ к серверам ресурса и машине Pompompurin’а, а значит, продолжать работу небезопасно.

Напомню, что в начале текущей недели американские правоохранительные органы сообщили об аресте жителя Нью-Йорка, который, как они считают, является владельцем и основателем хакерского форума BreachForums, и известен в сети как Pompompurin.

Сразу после ареста Pompompurin’а администраторы BreachForums уверяли, что даже в отсутствии основателя сайт продолжит работу в штатном режиме, так как админы имеют полный доступ к его инфраструктуре.

Но теперь Baphomet опубликовал «последнее обновление» и сообщил, что, по…

The threat actor, active since at least 2012, is tracked by the broader cybersecurity community under Bronze President, HoneyMyte, Mustang Panda, RedDelta, and Red Lich.

Attack chains mounted by the group commence with a spear-phishing email to deploy a wide range of tools for backdoor access, command-and-control (C2), and data exfiltration.

"By using this technique, the malicious actor behind the attack can successfully bypass scanning services."

"Apart from well-known legitimate tools, the threat actors also crafted highly customized tools used for exfiltration," the researchers noted.

"Earth Preta is a capable and organized threat actor that is continuously honing its TTPs, strengthening…

Patches have been released for a critical security flaw impacting the WooCommerce Payments plugin for WordPress, which is installed on over 500,000 websites.

The flaw, if left unresolved, could enable a bad actor to gain unauthorized admin access to impacted stores, the company said in an advisory on March 23, 2023.

Put differently, the issue could permit an "unauthenticated attacker to impersonate an administrator and completely take over a website without any user interaction or social engineering required," WordPress security company Wordfence said.

WooCommerce also said it worked with WordPress to auto-update sites using affected versions of the software.

WEBINAR Discover the Hidden Dan…

Google has stepped in to remove a bogus Chrome browser extension from the official Web Store that masqueraded as OpenAI's ChatGPT service to harvest Facebook session cookies and hijack the accounts.

The "ChatGPT For Google" extension, a trojanized version of a legitimate open source browser add-on, attracted over 9,000 installations since March 14, 2023, prior to its removal.

It was originally uploaded to the Chrome Web Store on February 14, 2023.

The development makes it the second fake ChatGPT Chrome browser extension to be discovered in the wild.

The other extension, which also functioned as a Facebook account stealer, was distributed via sponsored posts on the social media platform.

An emerging Android banking trojan dubbed Nexus has already been adopted by several threat actors to target 450 financial applications and conduct fraud.

"Nexus appears to be in its early stages of development," Italian cybersecurity firm Cleafy said in a report published this week.

"Nexus provides all the main features to perform ATO attacks (Account Takeover) against banking portals and cryptocurrency services, such as credentials stealing and SMS interception."

It's also said to overlap with another banking trojan dubbed SOVA, reusing parts of its source code and incorporating a ransomware module that appears to be under active development.

A point worth mentioning here is that Nexus is …

Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions introduced into the market.

CYE's new Cybersecurity Maturity Report 2023 tackles this question by shedding light on the strength of cybersecurity in different sectors, company sizes, and countries.

It measures cybersecurity maturity across seven different security domains, including application level security, network level security, identity management and remote access, and more.

However, organizations can still achieve a high cybersecurity maturity posture without a large budget, if they plan and spend correctly.

Schedule a demo to see …

Telecommunication providers in the Middle East are the subject of new cyber attacks that commenced in the first quarter of 2023.

The intrusion set has been attributed to a Chinese cyber espionage actor associated with a long-running campaign dubbed Operation Soft Cell based on tooling overlaps.

The findings come amid revelations that various other hacking groups, including BackdoorDiplomacy and WIP26, have set their sights on telecom service providers in the Middle East region.

"Chinese cyber espionage threat actors are known to have a strategic interest in the Middle East," the researchers concluded.

"These threat actors will almost certainly continue exploring and upgrading their tools wi…

German and South Korean government agencies have warned about cyber attacks mounted by a threat actor tracked as Kimsuky using rogue browser extensions to steal users' Gmail inboxes.

The intrusions are designed to strike "experts on the Korean Peninsula and North Korea issues" through spear-phishing campaigns, the agencies noted.

Primary targets of interest include entities in the U.S. and South Korea, particularly singling out individuals working within the government, military, manufacturing, academic, and think tank organizations.

"This threat actor's activities include collecting financial, personal, and client data specifically from academic, manufacturing, and national security indust…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released eight Industrial Control Systems (ICS) advisories on Tuesday, warning of critical flaws affecting equipment from Delta Electronics and Rockwell Automation.

"Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to obtain access to files and credentials, escalate privileges, and remotely execute arbitrary code," CISA said.

Two other deserialization flaws, CVE-2023-1139 (CVSS score: 8.8) and CVE-2023-1145 (CVSS score: 7.8) could also be weaponized to obtain remote code execution, CISA cautioned.

Even more troublingly, the adversary could weaponize CVE-2023-28755 to overwrite existi…

The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware.

"The group is constantly evolving its tools, techniques, and procedures while experimenting with new file formats and methods to bypass security vendors," Zscaler researchers Sudeep Singh and Naveen Selvan said in a new analysis published Tuesday.

RESERVE YOUR SEATThe insights about ScarCruft's various attack vectors come from a GitHub repository maintained by the adversarial collective to host malicious payloads since October 2020.

Outside of malware distribution, ScarCruft has also been observed serving credential phishing we…

Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide.

Active Directory VulnerabilitiesFrom the outside, a properly configured AD domain offers a secure authentication and authorization solution.

Best Practices for Securing Active DirectoryTo secure Active Directory, there are many best practices to follow.

Keeping Active Directory Secure with Specops Password PolicyUnderpinning many of the security recommendations is a strong password policy.

Protecting Active Directory from Insider ThreatsThough it may be impossible to protect against every threat, by taking in-depth looks into existing permission structures, active users, and the technic…

The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware.

The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down.

While NuGet packages have been in the past found to contain vulnerabilities and be abused to propagate phishing links, the development marks the first-ever discovery of packages with malicious code.

The malware incorporated within the software packages functions as a dropper script and is designed to automatically run a PowerShell code that retrieves a follow-on binary from a hard-coded server.

As an added obfusc…

The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia.

The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C# and is designed to evade "network-based forms of detection."

The threat actor's modus operandi suggests overlaps with another hacking group dubbed ChamelGang, which was documented by Russian cybersecurity company Positive Technologies in October 2021.

DOORME, an Internet Information Services (IIS) backdoor module, provides remote access to a contested network and executes additional malware and tools.

WEBINAR Discover the Hidden Dangers of Third-Pa…

EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach.

The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.

That exposed information included names, home addresses, email addresses, phone numbers and social security numbers for a total of 2,501,324 student loan account holders.

“With recent news of student loan forgiveness, it’s reasonable to expect the occasion to be used by scammers as a gateway for criminal activity,” Bischoping said.

Last week, the Biden administrati…

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

The threat actor, according to researchers, is believed to be the China-based APT TA423, also known as Red Ladon.

In lieu of malware, attackers can use ScanBox in conjunction with watering hole attacks.

Adversaries load the malicious JavaScript onto a compromised website where the ScanBox acts as a keylogger snagging all of a user’s typed activity on the infected watering hole website.

This allows ScanBox to connect to a set of pre-configured targets,” researchers explain.

The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.

“These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organization.”Impacted were 114 US-based firms, with additional victims of sprinkled across 68 additional countries.

“The 0ktapus campaign has been incredibly successful, and the full scale of it may not be known for some time,” he said.

What the 0ktapus Hackers WantedThe 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’…

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

After a recent dip, ransomware attacks are back on the rise.

With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks.

It may well be that the resurgence in ransomware attacks, and the rise of these two particular groups, are intimately connected.

Why Ransomware Has BouncedResearchers from NCC Group counted 198 successful ransomware campaigns in July – up 47 percent from June.

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw.

Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment.

Last Fall, a command injection flaw in Hikvision cameras was revealed to the world as CVE-2021-36260.

According to David Maynor, senior director of threat intelligence at Cybrary, Hikvision cameras have been vulnerable for many reasons, and for a while.

Furthermore, IoT devices might not give users any indication that they’re unsecured or out of date.

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Twitter has responded alleging that Zatko is a “disgruntled employee” who was fired for poor performance and leadership.

This, according to Zatko, elevates his concerns to a matter of national security.

Twitter allowed some foreign governments “… to infiltrate, control, exploit, surveil and/or censor the ‘company’s platform, staff, and operations,” according to the redacted whistleblower report submitted to congress.

NEW: First time Twitter CEO @paraga weighs in on whistleblower story.

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Earlier this month, Palo Alto Networks issued a fix for the high-severity bug (CVE-2022-0028) that it says adversaries attempted to exploit.

PAN-OS versions vulnerable to attack, with patches available, include PAN-OS prior to 10.2.2-h2, PAN-OS prior to 10.1.6-h6, PAN-OS prior to 10.0.11-h1, PAN-OS prior to 9.1.14-h4, PAN-OS prior to 9.0.16-h3 and PAN-OS prior to 8.1.23-h1.

CISA Adds Bug to KEV CatalogOn Monday, CISA added the Palo Alto Networks bug to its list of Known Exploited Vulnerabilities Catalog.

This type of attack allows an adversary to magnify the amount of malicious traffic they …

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

Warnings come from security researchers who say TA558 cybercriminals have revamped their 2018 campaigns with fake reservation emails that contain links – that if clicked – deliver a malicious malware payload containing a potpourri of malware variants.

ISO and RAR are single compressed files, that if executed, decompress the file and folder data inside of them.

TA558 conducted 27 campaigns with URLs in 2022, compared to just five campaigns total from 2018 through 2021.

This actor used a variety of delivery mechanisms including URLs, RAR attachments…

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack.

One of the flaws is a kernel bug (CVE-2022-32894), which is present both in iOS and macOS.

“For most folks: update software by end of day,” tweeted Rachel Tobac, the CEO of SocialProof Security, regarding the zero-days.

The flaws in iOS are especially worrying, given the ubiquity of iPhones and users’ utter reliance on mobile devices for their daily lives, he said.

Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.

Google credits Ashley Shen and Christian Resell of its Google Threat Analysis Group (TAG) for reporting the zero-day bug, which could allow for arbitrary code execution, on July 19.

FedCM—short for the Federated Credential Management API–provides a use-case-specific abstraction for federated identity flows on the web, according to Google.

Fifth Chrome 0Day Patch So FarThe zero-day patch is the fifth Chrome bug under active attack that Google has patched so far this year.

In April, Google patched CVE-2022-136…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Managed detection and response (MDR) combines all this.

A surge in supply chain complexity that provides attackers with opportunities to target managed service providers (MSPs), upstream open source repositories and smaller suppliers.

that provides attackers with opportunities to target managed service providers (MSPs), upstream open source repositories and smaller suppliers.

That means you must add threat detection and response to preventative efforts.

Extended detection and response (XDR) is an increasingly popular way of achieving this.

This then begs the question: have you prepared for the demise of free SMS 2FA so that you avoid putting your Twitter account at heightened risk for hacking?

Here’s how you can enhance the security of your Twitter account without SMS 2FA – and keep it more secure than ever before.

What else can you do to improve your Twitter security?

While switching away from SMS-borne 2FA, make sure to review your account security and privacy settings.

And if you already are, or plan to become, a Twitter Blue subscriber, you’re clearly best off ditching SMS 2FA in favor of an authenticator app or a hardware key.

Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit SuisseWhen mayhem, panic and chaos set in – as has been the case following the meltdowns of Silicon Valley Bank (SVB) and Signature Bank and the struggles of Credit Suisse in recent days – cybercriminals jump in and seize the opportunity.

In this video, Tony walks you through some of the main tricks that people and organizations may encounter online during the ongoing banking turmoil.

Learn what to look out for and how to stay safe from SVB-themed and similar scams.

Make sure to give also our blogpost a read: SVB’s collapse is a sc…

The COVID-19 pandemic and Russia’s invasion of Ukraine are perhaps the most obvious examples, but the most recent one is the collapse of Silicon Valley Bank (SVB).

Ambulance-chasing phishing and business email compromise (BEC) attempts are already hitting inboxes across the globe.

The SVB scams so farThere’s nothing new in scammers piggy-backing on news events to improve their success rates.

These include:The fact that there’s lots of money at stake: SVB had an estimated US$200 billion in assets when it went bust.

SVB BEC threatsAs mentioned, this news event is also slightly unusual in providing the perfect conditions for BEC attacks to flourish.

In addition to the trojanized WhatsApp and Telegram Android apps, we also found trojanized Windows versions of the same apps.

Defense Evasion T1070.001 Indicator Removal: Clear Windows Event Logs Trojanized Windows Telegram is capable of deleting event logs.

T1622 Debugger Evasion Trojanized Windows Telegram checks the BeingDebugged flag of PEB to detect whether a debugger is present.

Discovery T1010 Application Window Discovery Trojanized Windows Telegram is able to discover application windows using EnumWindows .

T1565.002 Data Manipulation: Transmitted Data Manipulation Trojanized Windows Telegram swaps cryptocurrency wallets in Telegram communication.

The customer portfolio of the DLP company includes government and military entities, making the compromised company an especially attractive target for an APT group such as Tick.

In April, the attackers began to introduce trojanized copies of the Q-dir installers in the network of the compromised company.

In February and June 2022, the trojanized Q-dir installers were transferred via remote support tools to customers of the compromised company.

It was deployed and executed by a legitimate update agent from software developed by the compromised company.

These computers had software from the compromised company installed on them, and the trojanized Q-dir installer was received minutes after t…

Here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage.

Or perhaps you’ve just put the phone down on a tech support scammer who had access to your PC.

This personal data will be bought in large quantities and then used in automated attacks including follow-on phishing, payment fraud, account takeover or new account fraud (NAF).

5 signs you’ve become a victim of fraudWith that in mind, here are five signs you might have been scammed.

Sometimes, the first users hear about NAF is when they check their credit score and/or get turned down by a lender.

A request to move an online conversation to a supposedly more secure platform may not be as well-meaning as it soundsHave you ever been asked to move an online conversation to another – and supposedly more secure – platform?

This technique, often used by romance scammers, was recently used against a number of Indian and Pakistani netizens, possibly with a military or political background.

The targeted campaign – courtesy of the Transparent Tribe APT group and described in detail by ESET researchers earlier this week – distributed CapraRAT backdoors via trojanized secure messaging and calling apps branded as MeetsApp and MeetUp.

Be sure to give the blog a read, too: Love scam or espionage?

T…

For a few thousand dollars, scammers can access information about endless numbers of actual, active WhatsApp users.

You ignore it, but then a second “beep beep” calls your attention to an incoming WhatsApp message from one of your contacts.

Surveys, packages and lotteries – they’re all fakeInstead of a money transfer, you might also be deceived into handing over your personal information.

Avoid sharing your personal information with people you don’t know.

Banks don’t message you on WhatsApp to ask questions.

Indeed, space research and exploration are increasingly vital for life on Earth.

Their ranks include Dr. Michaela Musilova, an astrobiologist who studies the limits of life on Earth and, perhaps even more importantly, searches for life in outer space.

The goal of the project is for my team and I to do research, educational and outreach activities while climbing up the tallest mountain on each continent.

If you would like to know more, I recently co-wrote a book about my life caled Žena z Marsu (A Woman from Mars).

I think scientists and the sciences are hopefully becoming more approachable these days because of various outreach activities.

CrimsonRAT is Windows malware, known to be used only by Transparent Tribe.

]tv, which was used in the past by Transparent Tribe to host its spyware.

]tv that was used in the past campaign controlled by Transparent Tribe, as reported by Cisco.

We have previously seen such baits being used by Transparent Tribe operators against their targets.

T1636.004 Protected User Data: SMS Messages CapraRAT can extract SMS messages.

A bootkit that ESET researchers have discovered in the wild is the BlackLotus UEFI bootkit that is being peddled on hacking forumsFor a mere $5,000, you can buy a UEFI bootkit called BlackLotus that can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled.

This week, ESET researchers published their analysis of BlackLotus that caused them to conclude that the bootkit they had discovered in the wild is indeed the BlackLotus bootkit peddled on hacking forums.

Now, what exactly can the bootkit do on the victim’s computer and why is it a major threat?

Find out in the video.

Be sure to check out the full technical write-up here: BlackLotus UEFI bootkit: Myth confirmedSig…

ESET researchers tease apart MQsTTang, a new backdoor used by Mustang Panda, which communicates via the MQTT protocolESET researchers have analyzed MQsTTang, a new custom backdoor that we attribute to the Mustang Panda APT group.

Unlike most of the group’s malware, MQsTTang doesn’t seem to be based on existing families or publicly available projects.

AttributionWe attribute this new backdoor and the campaign to Mustang Panda with high confidence based on the following indicators.

Some of the infrastructure used in this campaign also matches the network fingerprint of previously known Mustang Panda servers.

T1587.001 Develop Capabilities: Malware MQsTTang is a custom backdoor, probably devel…

✅ True: Its final component acts as an HTTP downloader, as described in the HTTP downloader sectionBlackLotus’s advertisement on hacking forums claims that the HTTP downloader runs under the SYSTEM account within a legitimate process.

Based on these facts, we believe with high confidence that the bootkit we discovered in the wild is the BlackLotus UEFI bootkit.

Files deployed by the BlackLotus installer on systems with UEFI Secure Boot enabledFolder Filename Description ESP:\EFI\Microsoft\Boot grubx64.efi BlackLotus bootkit, malicious self-signed UEFI application.

BlackLotus UEFI bootkitOnce the persistence is configured, the BlackLotus bootkit is executed on every system start.

Persistence…

S3 Ep127: When you chop someone out of a photo, but there they are anyway…

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

MITRE launched its System of Trust risk model manager and established a community engagement group of 30 members.

Expanding from its free and open platform, System of Trust now delivers a collaborative community to identify and mitigate threats to supply chains—before they happen.

Leveraging the expertise of researchers and organizations, the community will further develop the framework’s body of knowledge and enhance supply chain security.

“Identifying supply chain risks that come from supplies, suppliers, service providers, etc., is a complex challenge due to the complex nature of modern supply chains,” said Wen Masters, vice president, cyber technologies, MITRE.

This web application allo…

Here’s a look at the most interesting products from the past week, featuring releases from ForgeRock, Vectra, Verosint, Vumetric, and Waterfall Security Solutions.

Waterfall Security Solutions launches WF-600 Unidirectional Security GatewayWaterfall Security Solutions launched the WF-600 Unidirectional Security Gateway, an OT security protection against remote cyber attacks.

Vumetric PTaaS platform simplifies cybersecurity assessments for organizationsThe Vumetric PTaaS platform provides self-service capabilities that allow organizations to schedule and manage assessments on-demand.

Verosint introduces account fraud detection and prevention solutionVerosint announced a new solution that hel…

We recently saw how threat actors deployed phishing to infect user endpoints at a massive scale with the IceXLoader malware.

There are routine tasks and maintenance tools that allow organizations to prevent these vulnerabilities getting exploited by attackers.

Patch management tools can scan devices, install patches (fixes), and provide reports on the success or failure of these actions.

In addition, organizations can leverage configuration management tools to maintain OS configuration files in the desired secure state.

As with OS vulnerabilities, the best defense against exploits are the frequently released third-party patches/updates, the implementation of which can be facilitated by endp…

Organizations worldwide pay ransomware fees instead of implementing solutions to protect themselves.

The ransom is just the tip of the iceberg regarding the damage a ransomware attack can wreak.

There is no need for organizations to bend to the will of cybercriminals.

The only thing paying ransoms will guarantee the payday they’re looking for, encouraging them to continue similar attacks in the future.

The permanent solution is patching the main pathways cybercriminals use to breach our defenses in the first place – and that starts with our email inboxes.

Though 65% of tech team leaders have been asked to cut costs, 72% still plan to increase their investment in tech skill development in 2023.

Investing in tech skills development helps equip overwhelmed employees with the tools needed to conquer these new and unfamiliar responsibilities.

Prioritizing cybersecurity, data science, and cloudAmid these workforce challenges, the report illuminates a decrease in tech skills confidence across respondents.

The top three skills technologists and technology managers are prioritizing to drive business value are cybersecurity, data science, and cloud.

25% of technologists are completely confident in their data skills while 8% are not confident at all.

Zenoss has released advanced identity management capabilities, helping ensure maximum protection of sensitive credentials while in use and at rest throughout the Zenoss Cloud platform.

This represents yet another key building block in the security and privacy features Zenoss has released since launching Zenoss Cloud in 2018.

The new Zenoss Cloud capabilities provide enhanced security for user credentials, controlling storage and usage under a central service, which is necessary for ensuring best practices are consistently applied.

The identity management framework also supports integrations with third-party secret management solutions.

“With the massive quantities of data organizations need…

Vectra Match brings intrusion detection signature context to Vectra Network Detection and Response (NDR), enabling security teams to accelerate their evolution to AI-driven threat detection and response without sacrificing investments already made in signatures.

Keeping pace with existing, evolving and emerging cyber threats requires visibility, context and control for both known and unknown threats.

Vectra NDR with Vectra MatchVectra NDR — a key component of the Vectra platform — provides end-to-end protection against hybrid and multicloud attacks.

Vectra NDR empowers security and risk professionals with next-level intrusion detection.

Vectra NDR with Vectra Match is available for evaluati…

BlackBerry and Adobe have partnered to deliver a secure forms solution for mobile.

The software solution, which combines BlackBerry UEM and Adobe Experience Manager Forms, is designed for popular mobile device platforms, and meets the rigorous security standards required by regulated industries.

Furthermore, the partnership agreement allows BlackBerry to resell Adobe Experience Manager Forms software.

Prior to the partnership between BlackBerry and Adobe, users have been challenged in completing and approving documents away from their desktops, limiting their mission-critical mobility, and productivity.

“BlackBerry is delighted to partner with Adobe to solve this imperative security and pro…

SecureAuth and HashiCorp partnership will enable organizations to leverage SecureAuth’s advanced passwordless authentication and Multi-Factor Authentication (MFA) device recognition.

The SecureAuth solution can thus implement SSO with their product, providing visibility for both parties and allowing SecureAuth to be the credentials gateway for HashiCorp’s HCP Vault.

This integration bolsters identity security for HashiCorp customers, giving them device trust and passwordless authentication for a frictionless user experience.

“SecureAuth not only supports this product, but it makes HCP Vault more efficient and increases security.

This partnership will provide HashiCorp users with the ability…

Kasm Technologies has partnered with Oracle Cloud Infrastructure (OCI) to offer Workspaces for Oracle, a new Desktop-as-a-Service (DaaS), Remote Browser Isolation (RBI) and Containerized Application Streaming (CAS) solution.

Workspaces for Oracle offers a global and customized DaaS solution that’s secure, sustainable, and scalable.

Kasm Workspaces supports Workspace creation, session handling and rendering for servers over the KasmVNC, SSH, or RDP protocols, including support for Microsoft Windows.

Workspaces for Oracle provides security capabilities for a zero-trust environment, based on DLP technology, advanced graphics rendering, network isolation, and least privileged containers (LPC).

…

Brivo expands its mobile credential options by introducing support for employee badges in Apple Wallet.

“With employee badge in Apple Wallet, companies can now provide a secure, fluid experience for employees to access their spaces with just a tap of their iPhone or Apple Watch.”By expanding to add employee badge in Apple Wallet support, Brivo continues to lead the way in introducing the frictionless, mobile access experience to every space.

Brivo’s corporate customers can issue employee badge in Apple Wallet through the Brivo Access platform.

Users simply download the Brivo Mobile Pass mobile application and then tap “Add to Wallet” within the app to safely and securely add their employee …

A new Chrome extension promising to augment users’ Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found.

In this case, when searching for ChatGPT via Google Search, users are served with a malicious sponsored ad that first redirects them to a fake ChatGPT for Google landing page, and then to the malicious extension on the official Chrome Store.

From fake ChatGPT extension to hijacked Facebook accountThis extension is a copy of the popular “ChatGPT for Google” open-source extension, but is also capable of covert malicious action.

Source: Guardio LabsThe extension abuses the Chrome Extension API to get a list of Facebook-related session co…

Logged failed logins into a company’s Okta domain could be used by threat actors to discover access credentials of valid accounts, Mitiga researchers have found.

How to discover valid Okta credentials in logs“When logging in to their organization’s Okta domain, it is quite common for a user to mistakenly enter their password in the username field on the login page.

However, the unfortunate consequence of that action is that the failed login request is recorded in Okta audit logs,” Mitiga researchers Doron Karmi and Or Aspir explained.

This method for finding valid Okta credentials hinges on attackers’ ability to access and/or read Okta audit logs.

But what if the audit logs are saved in an …

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

&nbsp;

Сделал презентацию по обновлению ISO 27001:2022 ISO 27001:2022 What has changed.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

Моя презентация "ISO Survey 2021: ISO 27001 certificates".Сырые данные - https://www.iso.org/the-iso-survey.html

Как вы наверное знаете, я уже несколько лет собираю на Патреоне комплекты документов (рекомендации, чек-листы и шаблоны) полезные для внедрения СУИБ по ISO 27001 и обеспечения privacy (GDPR и ISO 27701):1. ISMS Implementation Toolkit (ISO 27001)2. Privacy Implementation Toolkit (GDPR and ISO 27701)Теперь все документы можно скачать и на российском сервисе Boosty - https://boosty.to/isms8020Подписывайтесь и поддержите этот проект!

Хочу вам напомнить, что рекомендации по внедрению СУИБ по стандарту ISO 27001 и подготовке к аудитам выложены на Boosty, язык русский - https://boosty.to/isms8020/posts/0f6f575a-26c3-4ff9-88fa-64799c3c9772

Обновил и опубликовал на Slideshare свою презентацию про стандарты и руководства по управлению ИБ при взаимодействии с поставщиками. Supply management 1.1.pdf from Andrey Prozorov, CISM

Опубликовал на SlideShare несколько своих старых презентаций по GDPR и Privacy:All about a DPIA - https://www.slideshare.net/AndreyProzorov/all-about-a-dpia-by-andrey-prozorov-20-220518pdfEmployee Monitoring and Privacy - https://www.slideshare.net/AndreyProzorov/employee-monitoring-and-privacypdfGDPR and Personal Data Transfers - https://www.slideshare.net/AndreyProzorov/gdpr-and-personal-data-transfers-11pdfGDPR and Security - https://www.slideshare.net/AndreyProzorov/gdpr-and-securitypdfGDPR RACI - https://www.slideshare.net/AndreyProzorov/gdpr-racipdfGDPR EU Institutions and bodies - https://www.slideshare.net/AndreyProzorov/gdpr-eu-institutions-and-bodiespdf

Говорят, чтобы пойти работать джун аппсеком достаточно научиться разворачивать какую-нибудь oauth proxy перед своими критическими сервисами.Согласны? Узнали? Какая ваша любимая? 🫠

Советую как будет время глянуть вчерашний ИБ-митап Яндекса, достаточно интересные и разные темы. Cразу спойлер — про слив упомянули, но ничего не рассказали, обещали потом.А вообще парням большой респект за то, что несмотря на то, что происходит в мире российского ИБ, они просто рассказывают важные и интересные вещи о том, как можно и нужно делать ИБ, без какого-либо продающего контекста (ну если только чуть-чуть). Ну и в опенсорс коммитят конечно же 🙂Все доклады классные, просто бери обводи и обновляй свои ИБ планы на 2023-2024 года.00:04:13 Про DevSecOps в Яндекс.Облаке, немного продающий облако, но затрагивающий лучшие практики о том, как построить процессы ИБ в финтехе и не только.01:10…

А вы знали, что OpenSSH на macOS позволяет пасс-фразы от ваших ssh-ключей добавить в keychain, чтобы автоматом подтягивать их при подключении?Делаем:ssh-add --apple-use-keychain ~/.ssh/[priv-key]И подключаем в конфиге агента ~/.ssh/config:Host * UseKeychain yes AddKeysToAgent yes IdentityFile ~/.ssh/id_rsaГотово, вы сэкономили немного своего времени на ввод passphrase.Если ключей несколько, то агент по имени ключа будет доставать нужную фразу.P.S На старых версиях MacOS команда чуть отличается, вот тут подглядите.Ну а теперь похоливарим за безопасность такого метода, особенно если у вас включен iCloud sync? 🤪

Понял тут, что не рассказывал о trufflehog, наверное лучшем на сегодншний день решении для поиска секретов. SSH и API ключи, пароли к бд, токены, облачные учетные данные и многое другое. Там уже 700 детекторов/регулярок, причем для некоторых есть сразу автоматическая проверка. Нашли например креды к AWS или GCP, нажали кнопочку и trufflehog любезно постучал в нужную апишку для валидации.Еще помимо привычных множественных сканов репозиториев, есть возможность поиска по файловой системе и даже s3 бакетам. Бонусом можно скачать плагин для браузера чтобы и по JS пройтись.Короче, мастхев для безопасности ваших пайплайнов и обнаружения секретов, которые кто-то случайно забыл положить куда следует…

Пссс, завезем немного движа в ИБ?Давно вынашивал идею закрытого сообщества для безопасников, где можно было бы черпать экспертизу, обмениваться опытом, получать актуальную информацию и просто общаться с крутыми и интересными людьми.Почему закрытого? Потому что сами знаете специфику нашего направления, когда далеко не все готовы обсуждать многие вещи публично. Но согласитесь, у многих есть опыт, которым можно поделиться и который может быть очень полезен. Мне кажется закрытый формат может хотя бы частично эту проблему решить.В общем, не буду ходить вокруг да около, сейчас я на этапе проверки гипотезы поэтому очень хочется получить от вас обратную связь.Основную идею постарался изложить тут >…

Я снова пропал, но тут такая новость сегодня, что нельзя было не поделиться — поддержка Passkeys теперь официально доехала до Google Chrome (Chrome Stable M108 если быть точным).На всякий случай Passkeys — это инициатива альянсов FIDO и W3C по разработке стандарта аутентификации без использования паролей, которые являются занозой в заднице в современном мире: утечки, брутфорс, сменяемость, желание написать его на листочке и приклеить к монитору и пр.Короче крутые чуваки собрались как-то, подумали и изобрели WebAuthn. Потом инициативу поддержали Apple, Google и Microsoft, обернули это в Passkeys и вот он, продукт который можно внедрять и нести людям (многие уже давно принесли даже, только Go…

Вопрос который меня в последнее время сильно волнует. Будет очень круто если поучаствуете анонимно.Если вы еще не касались истории с импортозамещением — игнорируйте (хотя предположу, что коснулось многих).Собственно вопрос ↓

Наверное лучший роадмап по сертификациям в ИБ, отсортированный по направлениям и уровню сложности.В очередной раз в этом убедился.> https://pauljerimy.com/security-certification-roadmap/ <p.s выглядит это конечно страшно, но что не сделать ради многострочного статуса в Linkedin, да? 😁

Там в либе Apache Commons Text нашли уязвимость, позволяющую выполнять удаленное выполнение кода — CVE-2022-42889. Но несмотря на CVSS 9.8, уязвимость затрагивает только несколько методов, связанных с интерполяцией данных, что в целом выглядит не так критично.Поискать в коде можно по:StringLookupFactory.INSTANCE.interpolatorStringLookup().lookup()или StringSubstitutor.createInterpolator().replace()В любом случае возьмите на вооружение и если лень читать код просто пропатчите либы до новой версии 1.10, благо она уже вышла.Уязвимость затрагивает версии Apache Commons Text 1.5–1.9.Reports:https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/https://securi…

Если моделирование угроз (threat modeling) у вас тоже вызывает боль, либо это увлекательное занятие вам только предстоит, попробую сэкономить вам несколько десятков часов вашего времени и просто порекомендую начать с > https://shellsharks.com/threat-modelingИ неважно делаете вы модель угроз для приложения или инфраструктурного компонента. А еще пришла в голову мысль, что доступ к таким материалам при пентесте может сильно ускорить процесс получения результата :) Удачи!Никогда не забуду свою первую... ⛔️

Google опубликовала очень стильный проект H4CK1NG.GOOGLE (фактически GoogleCTF 22) с набором своих новых челленджей по разным направлениям, каждое из которых сопровождается крутейшими видео-историями. Если вдруг заскучали после рабочего понедельника, можно провести вечер с пользой. В случае ступора можно сходить в дискорд проекта за подсказками или writeups — это уже для совсем ленивых :)Are you ready? [Y/N]https://h4ck1ng.googlePlaylist > https://www.youtube.com/playlist?list=PL590L5WQmH8dsxxz7ooJAgmijwOz0lh2H

В новой iOS 16 появился бекдор фича Rapid Security Responses, позволяющая патчить iPhone и аксессуары не дожидаясь обновления ОС. Должна включаться автоматом при обновлении на новую ОС.Идея с точки зрения ИБ конечно прикольная, но усложнит жизни любителям джейблрейка.

Cybershit8 471 subscribersО канале: http://telegra.ph/Cybershit-08-14Связь: Полезный канал про технологии и информационную безопасность.

Нам не поИБ на ИБ.

А вам?О канале: http://telegra.ph/Cybershit-08-14Связь: @cybrsht_botIf you have Telegram, you can view postand join Cybershit right away.

Если вы находитесь в поиске бюджетного инструмента для решения проблемы с паразитивным бот-трафиком, и у вас нет свободных финансов для приобретения какого-нибудь Cloudflare, можно посмотреть в сторону вот этих ультимативных репок для прокачки ваших Nginx или Apache.Настроенный веб-сервер под ключ одной кнопкой (почти). Ну либо если вам нужен какой-то докрученный кастом, то придется курить доки и конфиги из репы.https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blockerhttps://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker

Для тех, кто пропустил увлекательный доклад с недавнего BlackHat и DEFCON от представителей Rapid7 про их исследования ПО для Cisco ASA.В текущих реалиях, когда многие остались отрезанными от обновлений и подписок, готовы скачивать различные кряки, образа и клиенты для администрирования штата своих Cisco, такая тема кажется более чем актуальна.Если опустить рассказ про то, как Cisco выпустила патч не закрывающий зарепорченную уязвимость, то основные темы доклада всего две:– Установка вредоносного программного обеспечения для ASA и простые способы внедрения бекдоров в ПО администрирования Cisco ASDM.– Создание вредоносных установочных пакетов и загрузочных образов для модуля FirePOWER. Там в…

A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack:TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward.

However, while the number of victims of the mass-hack is widening, the known impact is murky at best.

Since the attack in late January or early February—the exact date is not known—Clop has disclosed less than half of the 130 organizations it claimed to have compromised via GoAnywhere, a system that can be hosted in the cloud or on an organization’s network that allows companies to securely transfer huge sets …

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

The New York Times is reporting that a US citizen’s phone was hacked by the Predator spyware.

A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.

The disclosure is the first known case of an American citizen being targeted in a European Union country by the advanced snooping technology, the use of which has been the subject of a widening scandal in Greece.

It demonstrates that the illicit use of spyware is spreading beyond use by a…

Friday Squid Blogging: New Species of Vampire Squid Lives 3,000 Feet below Sea LevelAt least, it seems to be a new species.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on March 17, 2023 at 5:19 PM • 0 Comments

I’ll be discussing my new book A Hacker’s Mind: How the Powerful Bend Society’s Rules at Harvard Science Center in Cambridge, Massachusetts, USA, on Friday, March 31, 2023 at 6:00 PM EDT.

at Harvard Science Center in Cambridge, Massachusetts, USA, on Friday, March 31, 2023 at 6:00 PM EDT.

with Julia Angwin at the Ford Foundation Center for Social Justice in New York City, on Thursday, April 6, 2023 at 6:30 PM EDT.

I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 1-2, 2023.

Posted on March 14, 2023 at 3:08 PM • 0 Comments

And she found that those groups’ financial contributions to specific senators on the committee increased the amendments’ chances of passing.

Lobbying has long been part of the give-and-take among human policymakers and advocates working to balance their competing interests.

Today, it can take a highly paid team of human lobbyists days or weeks to generate and analyze alternative pieces of microlegislation on behalf of a client.

AI models can use past examples to learn to estimate how that information changes the network.

What remains is for human lobbyists to walk the floors of the Capitol or state house, and perhaps supply some cash to grease the wheels.

From Brian Krebs:A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords.

The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI).

While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Here’s a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates.

On Thursday, security firm Mandiant published a report that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware on unpatched SonicWall SMA appliances.

The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware.

“The attackers put significant effort into the stability and persistence of their tooling,” Mandiant researchers Daniel Lee, Stephen Eckels, and Ben Read wrote.

“The technique is not especially sophisticated, but it does show conside…

Researchers have discovered malware that “can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.”

Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware target the UEFI—short for Unified Extensible Firmware Interface—the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right. It’s located in an ...

This is a good survey on prompt injection attacks on large language models (like ChatGPT).

Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models (LLMs).

The functionalities of current LLMs can be modulated via natural language prompts, while their exact internal functionality remains implicit and unassessable.

Recently, several ways to misalign LLMs using Prompt Injection (PI) attacks have been introduced.

We demonstrate that an attacker can indirectly perform such PI attacks.

New National Cybersecurity StrategyLast week the Biden Administration released a new National Cybersecurity Strategy (summary >here.

It’s basically a smart strategy, but the hard parts are always the implementation details.

It’s one thing to say that we need to secure our cloud infrastructure, and another to detail what the means technically, who pays for it, and who verifies that it’s been done.

One of the provisions getting the most attention is a move to shift liability to software vendors, something I’ve been advocating for since at least 2003.

Posted on March 6, 2023 at 7:06 AM • 0 Comments

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app.

The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.

Google said it believes the exploit chain for Samsung devices belonged to a “commercial surveillance vendor,” without elaborating further.

Pinduoduo parent company PDD Holdings told Reuters Google has not shared details about why it suspended the app.

Most of the news coverage of Google’s move against Pind…

All three major carriers say they take steps to anonymize the customer data they share, but researchers have shown it is not terribly difficult to de-anonymize supposedly anonymous web-browsing data.

AT&T’s CPNI opt-out page says it shares CPNI data with several of its affiliates, including WarnerMedia, DirecTV and Cricket Wireless.

Until recently, AT&T also shared CPNI data with Xandr, whose privacy policy in turn explains that it shares data with hundreds of other advertising firms.

THE CASE FOR OPTING OUTWhy should you opt out of sharing CPNI data?

But until that day arrives, understand that the carriers can change their data collection and sharing policies when it suits them.

From there, the hackers plundered the InfraGard member database, and proceeded to sell contact information on more than 80,000 InfraGard members in an auction on BreachForums.

The FBI responded by disabling the portal for some time, before ultimately forcing all InfraGard members to re-apply for membership.

As part of that operation, the feds also charged the alleged administrator, 21-year-old Diogo Santos Coelho of Portugal, with six criminal counts.

By that time, the new BreachForums had been live for just under a week, but with a familiar look.

“Like pom would most likely do a plea bargain and cooperate with the feds as much as possible,” replied another.

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software.

Two of those flaws are already being actively attacked, including an especially severe weakness in Microsoft Outlook that can be exploited without any user interaction.

The Outlook vulnerability (CVE-2023-23397) affects all versions of Microsoft Outlook from 2013 to the newest.

The other zero-day flaw being actively exploited in the wild — CVE-2023-24800 — is a “Security Feature Bypass” in Windows SmartScreen, part of Microsoft’s slate of endpoint protection tools.

Patch management vendor Action1 notes that the exploit for this bug is low in complexity and requires no spec…

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases.

The complaint says once they obtained a victim’s information, Singh and Ceraolo would post the information in an online forum.

The government alleges that on May 7, 2022, Singh used stolen credentials to log into a U.S. federal government portal without authorization.

On May 12, 2022, KrebsOnSecurity broke the news that hackers had gained access to a DEA portal that taps into 16 different federal law enforcement databases.

The data included the victim’s Social Security number, driver’s license number, cellphone number, and home ad…

The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI).

While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years.

Typically installed by booby-trapped Microsoft Office documents and distributed via email, NetWire is a multi-platform threat that is capable of targeting not only Microsoft Windows machines but also Android, Linux and Mac systems.

DomainTools further shows this email address was used to register one other domain in 2012: wwlabshosting[.

Constella also shows the email address zankomario…

The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations.

The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.

On March 3, 2023, social media giant Meta sued Freenom in a Northern California court, alleging cybersquatting violations and trademark infringement.

According to Meta, this isn’t just a case of another domain name registrar ignoring abuse complaints because it’s bad for business.

In June 2015, ICANN suspended Freenom’s ability to create new …

The White House’s new national cybersecurity strategy also envisions a more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure, and it names China as the single biggest cyber threat to U.S. interests.

The strategy says the White House will work with Congress and the private sector to develop legislation that would prevent companies from disavowing responsibility for the security of their software products or services.

“All service providers must make reasonable attempts to secure the use of their infrastructure against abuse or other criminal behavior,” the strategy states.

In the wake of countless ransomware intrusions, many companies now hold c…

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests.

Each advertises their claimed access to T-Mobile systems in a similar way.

“Because T-Mobile should have long ago issued all employees security keys and switched to security keys for the second factor.

Nixon said SIM-swapping groups often advertise low-level jobs on places like Roblox and Minecraft, online games that are extremely popular with young adolescent males.

In the shadow of such mega-breaches, any damage from the continuous attacks by these SIM-swapping groups can seem insignificant by comparison.

But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

But in response to questions from KrebsOnSecurity at the time, GoDaddy said that incident also stemmed from a “limited” number of GoDaddy employees falling for a sophisticated social engineering scam.

This is key because many domain registrars will only respond to external requests to take down a phishing website if the site is live at the time of the abuse complaint.

But both SMS and app-based codes can be undermined by phishi…

]com has been advertised for nearly a decade on the forum Black Hat World by the user BHProxies.

BHProxies has authored 129 posts on Black Hat World since 2012, and their last post on the forum was in December 2022.

BHProxies initially was fairly active on Black Hat World between May and November 2012, after which it suddenly ceased all activity.

Reached via LinkedIn, Mr. Shotliff said he sold his BHProxies account to another Black Hat World forum user from Egypt back in 2014.

Constella Intelligence confirmed that [email protected] was indeed another email address tied to the hassan_isabad_subar/BHProxies identity on Black Hat World.

On December 29, 2022, President Biden signed into law the Consolidated Appropriations Act of 2023, which — for the first time ever — includes provisions for the replacement of stolen EBT benefits.

However, EBT cards differ from debit cards issued to most Americans in two important ways.

But first, all 50 states must each submit a plan for how they are going to protect and replace food benefits stolen via card skimming.

Then again, nothing in the guidance even mentions chip-based cards, or any other advice for improving the physical security of EBT cards.

Like Maryland, which identified more than 1,400 households hit by EBT skimming attacks last year — a tenfold increase over 2021.

Microsoft also has more valentines for organizations that rely on Microsoft Exchange Server to handle email.

Apple on Feb. 13 released an update for iOS that resolves a zero-day vulnerability in Webkit, Apple’s open source browser engine.

According to Redmond, the out-of-support IE11 desktop application was permanently disabled on certain versions of Windows 10 on February 14, 2023 through a Microsoft Edge update.

“All remaining consumer and commercial devices that were not already redirected from IE11 to Microsoft Edge were redirected with the Microsoft Edge update.

“Additionally, redirection from IE11 to Microsoft Edge will be included as part of all future Microsoft Edge updates.

The U.S. Department of the Treasury says the Trickbot group is associated with Russian intelligence services, and that this alliance led to the targeting of many U.S. companies and government entities.

“In one of these attacks, the Trickbot Group deployed ransomware against three Minnesota medical facilities, disrupting their computer networks and telephones, and causing a diversion of ambulances.

According to the Treasury Department, the alleged senior leader of the Trickbot group is 34-year-old Russian national Vitaly “Bentley” Kovalev.

This is not the U.S. government’s first swipe at the Trickbot group.

In addition, the leaked Conti chats confirmed there was considerable overlap in the o…

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison.

There are several other studios pursuing documentaries on the Ashley Madison breach, and it’s not hard to see why.

On July 19, 2015, a hacker group calling itself The Impact Team leaked Ashley Madison internal company data, and announced it would leak all user data in a month unless Ashley Madison voluntarily shut down before then.

The leak led to the public shaming and extortion of many Ashley Madison users, and to at least two suicides.

I won’t go into detail on what we discovered until the Hulu series is ready for rele…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

ImageA new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over a period of almost two years, has identified that ransomware has become the prominent threat.

ENISA's report, its first ever analysis of the myriad of cybersecurity threats facing the transport sector in the EU, mapped and studied cyber incidents targeting aviation, maritime, railway, and road transport between January 2021 and October 2022.

During this period, the three major threats identified were:ransomware attacks (38%)data-related threats (30%)malware (17%)denial-of-service attacks (16%)phishing/spear-phishing (10%)supply-chain attacks (10%)I…

So, if you don’t know how to access ChatGPT, what do you do?

Well, you might use your trusty search engine to find out how to access ChatGPT.

As security researchers at Guardio Labs describe, scammers managed to plant a scam browser extension into the official Chrome store that claimed to be for “Chat GPT 4.”And the malicious extension steals your computer’s Facebook-related cookies and silently squirrels them away to the hacker, who can then seize control of your business’s Facebook page.

Google says it has now removed the extension from its Chrome Web Store, as well as the malicious ads in its search results.

If you install a rogue extension, everything you do in your browser could be com…

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

Hosts:Graham Cluley – @gcluleyCarole Theriault – @caroletheriaultGuest:Thom Langford – @thomlangfordEpisode links:Sponsored by:Bitwarden – Password security you can trust.

Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow …

What is one of the leading causes of breaches in the cloud?

It’s no wonder CISOs push zero trust as a top priority.

The report also found that non-admin users only utilized 10% of granted permissions over a 90-day window.

DevOps teams tend to grant more permissions – for both humans and non humans – than needed, increasing the risk of attack.

Excessive cloud permissions erode zero trust efforts and open your organization to further breach.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

ImageSecurity researchers have released a new decryption tool that should come to the rescue of some victims of a modified version of the Conti ransomware, helping them to recover their encrypted data for free.

That statement, perhaps understandably, didn't go down well with many people - including people who historically the Conti ransomware group might have considered its partners-in-arms.

Embarrassingly for the criminal gang who extorted millions from businesses by threatening to leak their data, someone chose to leak some 160,000 messages between the Conti group's members, and the source code for the Conti ransomware.

The private keys and decryption code have been incorporated into the …

Google has issued a warning that some Android phones can be hacked remotely, without the intended victim having to click on anything.

And what does a hacker need to know about you to target your phone?

Your phone number.

All they need to know is your Android device’s phone number.

However, if you’re the owner of a vulnerable Samsung smartphone, fixes still aren’t available according to at least one Google Project Zero researcher.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Hosts:Graham Cluley – @gcluleyCarole Theriault – @caroletheriaultEpisode links:Sponsored by:Bitwarden – Password security you can trust.

Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashi…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Attacks targeting the software supply chain are on the rise and splashed across the news.

Software supply chain risk isn’t going anywhere.

As development teams increasingly rely on open source software and third-party code, the risk of exposure to both known and unknown security vulnerabilities significantly increases.

Not to mention that container vulnerabilities are discovered daily.

This year, the report highlighted key CISO priorities, including software supply chain risk, zero trust, and cost management.

Part of that delay may be down to the fact that some of GSC Game World’s development team are otherwise occupied – helping fight Russian invaders in real-life.

But the fight between GSC Game World’s employees and Russia is also taking place digitally.

Our unwavering commitment to supporting our country remains unchanged – we will continue to do everything possible to support ukraine.

From each and every member of the gsc game world team.

Sincerely,The GSC Game World teamAnd what are the hacker’s demands?

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Take, for instance, if you decide that you don’t fancy paying the $300 or so that Apple charges for the Mac edition of Final Cut Pro.

As security researchers at Jamf have described, torrents on The Pirate Bay which claim to contain Final Cut Pro are instead being used to distribute malware, designed to infect your Mac with cryptojacking malware.

If you do download the pirated version of “Final Cut Pro” from a torrent, at installation you’ll be greeted with a message which suggests that the software has become corrupted.

Obviously you should always run up-to-date anti-virus software, but maybe you would also be wise to only install software from legitimate sources – which doesn’t mean it’s o…

В этом посте мы расскажем, как эта схема работает и на что сотрудникам следует обращать внимание, чтобы не попасться.

Как выглядит фишинг через SharePointСотруднику приходит шаблонная нотификация о том, что кто-то поделился с ним файлом.

А все потому, что это действительно аутентичная нотификация сервера Sharepoint.

Ничего не подозревающий сотрудник кликает на ссылку и попадает на реальный сервер SharePoint, на котором действительно открывается заявленный файл OneNote.

Почему данный тип фишинга особенно опасенСам по себе фишинг через SharePoint встречается далеко не впервые.

Так что после смерти хозяина его искин просто переводят в «режим зеркала» и сохраняют в безопасном месте с интернет-доступом.

Аналогичные возможности постепенно появляются и в других сервисах.

Ведь для этого, как и для удаления аккаунта, нужно предоставить сервису документы о смерти владельца (подобные правила работают в Instagram*, ВКонтакте и других соцсетях).

Не исключено, что в виртуальных метавселенных будущего толпы покойников будут бродить по площадям на автопилоте, напоминая худшие фильмы про зомби-апокалипсис.

Выясните про каждый цифровой сервис, какое именно наследование он поддерживает и что нужно для этого сделать в настройках или договорах.

Виной тому 18 уязвимостей в радиомодуле Exynos, широко используемом в смартфонах Google, Vivo, Samsung и многих других.

Их флагманские чипы называются Exynos, и они используются во многих (но не во всех) моделях смартфонов и планшетов Samsung.

Таких ошибок набралось 18, и не все они детально описаны, чтобы хакерам было труднее ими воспользоваться.

Уязвимости подвержены чипы Exynos 850, 980, 1080, 1280, 2200, Exynos Modem 5123, Exynos Modem 5300 и Exynos Auto T5123.

Пока такие прошивки для прочих уязвимых устройств еще недоступны; разумеется, как только они появятся, их надо будет немедленно установить.

И не удивительно, ведь оно всегда было и остается самым дешевым способом развода, доступным любому желающему, даже если этот желающий не обременен техническими навыками.

Сегодня поговорим о хитром плане, в котором злоумышленники достаточно неожиданным образом эксплуатируют страх сотрудников, работающих с контентом, перед нарушением копирайта.

Приводится ссылка и на эту картинку, и на страницу, где происходит вопиющее преступление.

Причем обе ссылки вполне себе настоящие, так что в эту часть истории можно легко поверить.

Они напоминают, что копию страницы с нарушением авторских прав можно найти в веб-архиве и использовать ее в качестве доказательства в суде.

В недавних обновлениях iOS и iPadOS 16.3 и macOS 13.2, помимо всего прочего, были закрыты уязвимости, зарегистрированные как CVE-2023-23530 и CVE-2023-23531.

Классы, протоколы и типы данных, определенные Foundation, используются во всех SDK для macOS, iOS, watchOS и tvOS».

Собственно, основной находкой CodeColorist и стал тот факт, что с помощью таких скриптов можно обходить используемые Apple механизмы безопасности, включая изоляцию приложений.

Возможно, и на эти заплатки найдутся новые обходные пути.

Также стоит не забывать, что одной лишь возможности исполнять с помощью NSPredicate скрипты в iOS для успешного взлома недостаточно.

Часто компании и сами пишут в своих официальных аккаунтах в соцсетях о том, как они рады приветствовать нового члена команды.

На этом-то моменте новоявленный сотрудник и привлекает внимание мошенников.

Как правило, в посте в соцсети написано имя, название компании и должность.

(Мошенники специально упирают на срочность, чтобы сотрудник не успел задуматься или задать кому-то дополнительные вопросы.)

Такие уведомления здорово помогают сотрудникам понять, взаимодействуют ли они с кем-то из компании или нет.

Если умное устройство взломали, злоумышленники могут установить на него вредоносный код и запускать с него кибератаки как на компьютеры в доме, так и на устройства в большом Интернете.

Уязвимости и дефекты есть у всех, но некоторые производители быстро устраняют ошибки, выпускают обновления, а другие подолгу отнекиваются и не решают проблемы.

На профессиональном языке это называется «сегментация сети», и в идеале домашняя сеть должна быть поделена хотя бы на три сегмента: домашние компьютеры, гостевые устройства, устройства умного дома.

Например, робот-пылесос может загружать на сервер детальную схему уборки (а значит, и карту вашего дома), а может и не загружать.

Например, робот-пылесос мо…

Копирование картКогда карты хранили информацию только на магнитной полосе, мошенники довольно легко могли изготовить точную копию карты и расплачиваться ею в магазинах и банкоматах.

Получив дамп с карты и пин-код, злоумышленники записывали данные на чистую карту и отправлялись с ней в банкомат или магазин.

Поэтому преступники стали заражать платежные терминалы вредоносным кодом, который одновременно с оплатой легитимной покупки копирует часть данных с карты.

Железный кошелекВ продаже имеются кошельки с «защитой RFID», чтобы карты в кошельке нельзя было прочитать дистанционно, например в общественном транспорте.

Как защититься: лучше всего установить относительно небольшие лимиты расходовани…

Предложения включить синхронизацию браузера Chrome с облачным аккаунтом Google всплывают с первого дня работы, более того, Chrome часто включает ее автоматически после первого же логина в Gmail или Google docs.

В Firefox и Edge синхронизация менее назойлива, но тоже существует и тоже предлагается.

Именно синхронизация паролей в Google Chrome привела к компрометации гиганта ИБ Cisco, а вредоносные расширения, замаскированные под корпоративную защиту, были оптимизированы для воровства токенов аутентификации Oauth.

Объясните, почему нужно пользоваться только корпоративным Chrome или Edge, почему нельзя сохранять пароли в браузере и синхронизировать закладки с домашним компьютером.

Дайте некото…

Последние специально адаптированы для рабочих задач, поэтому с ними дела обстоят несколько иначе и мы не будем рассматривать их в этом посте.

То есть тот факт, что для расшифровки переписки нужны секретные ключи собеседников, которые никогда не покидают их устройств.

И не только читать, но при желании и написать что-то от имени вашего сотрудника в рабочий чат.

Во-вторых, не каждое защитное ПО предупреждает пользователя о том, что в системе его компьютера обнаружены инструменты для удаленного доступа.

Если это по каким-либо причинам невозможно, то хотя бы примите элементарные меры предосторожности:

Многие организации переходят на open source и для «не айтишных» задач, таких как CRM, производство графического контента и публикация блогов.

Выбор открытого (open source) или проприетарного (closed source) решения далеко не прост — это не просто выбор «платного» против «бесплатного» или «без техподдержки» против «с техподдержкой».

Для каждого IT-решения и для конкретной организации надо учитывать целый ряд важных аспектов.

Разумеется, для проприетарных решений платная поддержка тоже типична; нельзя сказать, что это нужно только для open source.

Хорошо, что это в принципе возможно, но плохо, что это может оказаться крупной и плохо прогнозируемой статьей расходов.

А в некоторых случаях двухфакторная аутентификация с помощью кода из приложения — и вовсе единственный доступный вариант.

В дальнейшем на основе этого числа, а также текущего времени, по одинаковому алгоритму генерируются одноразовые коды — одновременно и на стороне аутентификатора, и на стороне сервиса.

То есть при каждом новом входе в аккаунт никакой информации от сервиса к вашему аутентификатору вообще не передается, так что и перехватывать тут нечего.

Так что все, что может в теории заполучить злоумышленник — это конечный продукт работы этой системы: собственно одноразовый код, который вы вводите.

Так вы обезопасите себя от того, что в самый неподходящий момент облачная инфраструктура о…

Языковые моделиДавайте начнем с ChatGPT — это на данный момент крупнейшая (из доступных широкой публике) языковая модель.

Как и в случае со многими другими масштабными проектами машинного обучения, никто до конца не знает, как она работает (даже ее создатели OpenAI).

Как и в случае с ChatGPT, в итоге получается гигантская, непостижимая машина, которая очень хорошо умеет сопоставлять изображения с текстами.

Изменит ли искусственный интеллект мир так же сильно, как это сделал паровой двигатель?

Вопрос о том, войдет ли искусственный интеллект в нашу жизнь, больше не стоит, поэтому следует хотя бы обсудить, как к этому подготовиться.

И для каждый возрастной аудитории мошенники создают свои схемы обмана.

Бесплатный сыр по-прежнему манитОдна из самых популярных афер, нацеленных на юных геймеров — предложение сгенерировать игровую валюту для той или иной игры.

Дети постоянно ищут, как раздобыть эти монеты бесплатно, чтобы не просить их у родителей, и попадаются в ловушку киберпреступников.

В результате вместо бесплатных гемов несчастный игрок может потерять как свой почтовый аккаунт, так и накопленный опыт и валюту в Brawl Stars.

Отдельным пунктом злоумышленники указали, что для установки чита нужно обязательно отключить антивирус, иначе из-за его «ложного срабатывания» ничего не получится.

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

Использованная в атаке программа-вымогатель DeadBolt представляет собой 32-битную программу для Linux/ARM формата ELF, разработанную на языке программирования Go.

Программа была обфусцирована и сжата упаковщиком UPX.

Также из программы удалена идентифицирующая информация о сборке Go.

Анализ такого образца может вызывать некоторые затруднения, поэтому мы более подробно остановимся на описании логики работы DeadBolt.

Для этого мы дополнительно провели полную декомпиляцию кода Go вымогателя.

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

Providing secure access and a frictionless user experience are typically competing initiatives, but they don’t have to be!

Risk-Based AuthenticationRisk-Based Authentication fulfills the zero trust philosophy of continuous trust verification by assessing the risk level for each access attempt in a manner that is frictionless to users.

Integrated with MFA or passwordless authentication, SSO serves as a critical access management tool for organizations that want to implement zero trust access to corporate applications.

When logging into browser-based applications, Duo SSO already allows users to reset passwords when they have expired in the same login workflow.

Risk-Based Authentication and e…

I’m incredibly proud of the Cisco Secure Firewall team and our amazing customers who continue to develop their network security around our firewall.

Cisco Secure Firewall Key FeaturesCisco Secure Firewall threat-focused NGFW architecture enables superior visibility and control over network traffic.

This is achieved through its integration with other security technologies, such as web security, email security, and cloud security through our SecureX platform.

This is achieved through its integration with other security technologies, such as web security, email security, and cloud security through our SecureX platform.

Learn more about SE Labs 2023 Annual Report, Cisco Secure Firewall and how …

Luigi reached out to the Cisco community, offering his knowledge and expertise to help others.

This is what stood out to make him our Cybersecurity Defender of the Year in EMEA for the Cisco Global Advocate Awards 2023 EMEA event.

Cisco’s advocacy community, Cisco Insider Advocates, brings our customers together and provides a way for them to make powerful connections, expand their professional and personal networks, and learn from top experts in their field.

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social ChannelsInstagramFacebookTwitterLinkedInShareShare:

Cisco Live is the premier destination for Cisco customers and partners to gain knowledge and build community.

The Cisco Secure team is excited to share our expertise to help power the strategies – and safety – of your organization.

Cisco+ Secure ConnectCisco SD-WAN customers can now enjoy all the benefits of a turnkey, single-vendor SASE solution that brings together industry-leading networking with security:​ Cisco+ Secure Connect.

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social ChannelsInstagramFacebookTwitterLinkedInShareShare:

Being a leader in both security and networking, Cisco continues to bring security closer to networking, providing the network with built-in security, and enabling the network to act both as sensor and as an enforcer.

Cisco uniquely integrates security and networking, for instance we recently integrated Cisco Secure Firewall to operate on Cisco Catalyst 9000 Series switches.

Use Case 2: Centrally manage isolated IoT network clusters: IoT devices which communicate with each other in the same subnet typically cannot be routed, which is a challenge.

IoT traffic is usually in plain text, making it susceptible to packet sniffing, eavesdropping, man-in-the-middle attacks, and other such exploits.

…

Security resilience is the ability to anticipate and respond to unpredictable threats or changes, and then emerge stronger.

The report identifies seven success factors CISOs can pursue to improve outcomes within their own enterprise security resilience programs, placing a high priority on security resilience.

Given the objective of security resilience is to withstand threats and come back even stronger, it’s clear that resilience must exist before, during, and after a cybersecurity incident.

What’s more, CISOs who lack strong executive relationships may also find themselves struggling to oversee incident management and coordinate communications.

A security culture can create willing resilie…

Secure Firewall Threat Defense Virtual is available on Alkira’s service marketplace through Bring-Your-Own-License (BYOL) and Pay-As-You-Go licensing options.

The auto-scaled firewall instance receives the configuration and licenses automatically (Cisco Secure Firewall Threat Defense auto-scale coming in Q2CY23).

Alkira Cloud Exchange Platform (CXP) connects branches and Cisco Secure Firewall Threat Defense protects N/S and E/W branch traffic.

Management OptionsCisco Secure Firewall Threat Defense Virtual is managed using Cisco Secure Firewall Management Center (FMC).

Additional Resources:Cisco Secure Firewall Threat DefenseCisco Secure Firewall Data SheetCisco Secure Firewall Management Ce…

The phrase zero trust does not inspire trust, clarity, or transparency.

So… how do we build the trust necessary for zero trust adoption?

Relationships build trust – an essential ingredient for zero trust momentum.

Perhaps we can apply these drivers within the context of zero trust security:Authenticity – are we truly aligned on the goals of a zero trust rollout?

Download Cisco’s Guide to Zero Trust Maturity to see how teams with mature implementations of zero trust found quick wins and built organizational trust.

We understand that working remotely can be an adjustment — that’s why we’ve compiled the 10 parts of remote work that surprised our team members most and their advice for navigating the nuances.

Intentional online socializing strengthens teams working remotelyFor folks sharing an office, collaboration can happen through casual chats over coffee.

When Ting first started working remotely, he felt that every meeting needed to be formal and have a business objective.

Senior Software Engineer Mario Lopez finds that the variety of information sources contributes to an easeful remote working experience.

As the structures of remote, distributed and hybrid work evolve, it’s important to stay flexibl…

What is business email compromise?

cricketsBusiness Email Compromise (BEC) is a type of cybercrime that involves compromising or imitating legitimate business email accounts to carry out fraudulent transactions or steal sensitive information.

The Cisco Secure Email Threat Defense solution leverages hundreds of detection engines that utilize state-of-the-art artificial intelligence/machine learning and natural language processing to convict messages from the most creative attackers!

In summary, Business Email Compromise (BEC) is a serious threat to organizations of all sizes and in all industries.

See how Secure Email Threat Defense identifies specific business risk factors to protect your o…

Cybersecurity professionals are often perceived as sole practitioners, plying their craft in dimly lit rooms.

We are pleased to introduce the nominees for the Cybersecurity Defender of the Year Award in EMEA.

We have five distinguished nominees, and while we have yet to select a winner, you will see how each of their contributions to Cisco’s cybersecurity community raised our attention.

His contributions to the Insider Advocacy platform reflect a tireless commitment to the cybersecurity community.

Part of his proactive approach is to freely communicate his ideas, leading to his involvement in the Insider Advocacy community.

As part of Cisco’s recognition of International Data Privacy Day, today we released the Cisco 2023 Data Privacy Benchmark Study, our sixth annual review of key privacy issues and their impact on business.

Ninety-five percent (95%) of survey respondents said that “all of their employees” need to know how to protect data privacy.

Among the security professionals who completed our survey, one-third (33%) included data privacy in their top three areas of responsibility.

Another important indication of privacy’s importance to the organization is the use of privacy metrics.

To learn more, check out the Cisco 2023 Data Privacy Benchmark Study, Infographic, and our Principles for Responsible AI.

Toward the end of 2018, EMA conducted a survey of customers regarding their TLS 1.3 implementation and migration plans.

Here are the three biggest takeaways from this most recent survey:Remote work, regulatory and vendor controls, and improved data security are drivers.

Eighty-seven percent that have implemented TLS 1.3 require some level of infrastructure changes to accommodate the update.

Eighty-seven percent that have implemented TLS 1.3 require some level of infrastructure changes to accommodate the update.

Even with improved technologies (since the first announcement of TLS 1.3), organizations still cannot overcome these challenges.

As privacy professionals, we live and breathe the importance of privacy every day and understand its value.

We’re excited today to share this new, jointly-published research report Business Benefits of Investing in Data Privacy Management Programs.

Most organizations are using some form of a privacy maturity model to show accountability, including the CIPL Accountability Framework, ISO standards, Generally Accepted Privacy Principles, and the NIST Privacy Framework, among others.

There is considerable interest in further understanding the value DPMPs bring to their organization.

Check out this report Business Benefits of Investing in Data Privacy Management Programs and more related privacy…

I am excited to announce the release of Cisco’s annual flagship cybersecurity report, the Security Outcomes Report, Volume 3: Achieving Security Resilience.

The Security Outcomes Report, Vol.3 looks at the most important factors that will help you build that foundation and give you the most successful security outcomes.

Seven success factorsThe report analyses the seven success factors that have shown to improve overall security resilience:Establishing executive support can increase security resilience by 39%.

Cultivating a culture of security boosts security resilience by 46%.

About the Security Outcomes ReportThe report is based on an anonymous survey 4,751 active cybersecurity experts fr…

Last year, we introduced Microsoft Defender for Business, aimed at safeguarding endpoints for businesses with up to 300 employees.

To further extend our security capabilities, we announced Defender for Business in Microsoft 365 Business Premium, providing comprehensive productivity and security solutions on a single platform.

In November 2022, we launched server security features built into Defender for Business, with enhanced protection for both Windows Server and Linux servers through the Microsoft Defender for Business server add-on.2The continued evolution of Defender for BusinessBut we’re not stopping there.

They can also proactively improve customers’ device security in Defender for B…

To acheive this, an effective CNAPP should combine capabilities across cloud security posture management, DevOps security management, cloud workload protection, cloud infrastructure entitlement management, and network security.

DevOps security : Microsoft Defender for DevOps in Defender for Cloud empowers security teams to unify, strengthen, and manage multipipeline DevOps security, shift security left, and enable code-to-cloud protections in a central console.

: Microsoft Defender for DevOps in Defender for Cloud empowers security teams to unify, strengthen, and manage multipipeline DevOps security, shift security left, and enable code-to-cloud protections in a central console.

Network sec…

I am delighted to announce that Forrester listed Microsoft as a Leader in its 2023 Wave™ for Data Security Platforms.

Learn moreRead this complimentary copy of The Forrester Wave™: Data Security Platforms, Q1 2023 for the analysis behind Microsoft’s position as a Leader.

Read more about Microsoft’s recognition as a leader in cloud security, email security, security analytics, and more:To learn more about Microsoft Security solutions, visit our website.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc.

Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™.

Multifactor authentication isn’t enoughThreat actors can brute force their way into accounts, defeat multifactor authentication, and breach organizations.

Beyond multifactor authentication: Identity Intelligence from Recorded FutureOf course, threat actors are trying to breach thousands of networks every day.

That’s the identity management model Recorded Future uses with Identity Intelligence.

The easiest way to do this is by placing an at-risk user into one or more security groups based on the Identity Intelligence available from Recorded Future and pushing the details of Recorded Future’s Identity Intelligence into Microsoft Sentinel.

Recorded Future indicators are also available as Micro…

This certification demonstrates Microsoft’s commitment to providing comprehensive CDMC cloud data management automations and controls for protecting sensitive data to accelerate trusted cloud adoption.

Data Control Compliance must be monitored for all data assets containing sensitive data through metrics and automated notifications.

A register of Authoritative Data Sources and Provisioning Points must be populated for all data assets containing sensitive data.

Entitlements and Access for Sensitive Data must default to the creator and owner and access must be tracked for all sensitive data.

“The Cloud Data Management Capabilities framework represents the best practices in data on cloud from …

Why choose a cloud-powered solution for IoT and OT security?

To learn more about how to empower OT and IT security teams to work together, watch our webinar, OT/IoT Enabled SOC with Microsoft Sentinel and Microsoft Defender for IoT.

Together, Defender for IoT and Microsoft Sentinel provide security information and event management (SIEM) for both OT and IT environments.

Defender for IoT also shares threat data with Microsoft 365 Defender, Microsoft Defender for Cloud, and non-Microsoft products like Splunk, IBM QRadar, and ServiceNow.

Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

DDoS attacks against healthcare in AzureWe measured the number of attacks daily on healthcare organizations in Azure between November 18, 2022 and February 17, 2023.

Number of daily DDoS attacks on healthcare applications in AzureWe tracked attack statistics through the same time period and observed that DDoS attacks on healthcare organizations didn’t demonstrate severely high throughput.

Types of healthcare organizations targeted by DDoS attacksWe also observed a combination of multi-vector layer 3, layer 4, and layer 7 DDoS attacks.

Mitigating DDoS attacks from KillNet and other adversariesKillNet and its affiliated adversaries utilize DDoS attacks as their most common tactic.

Make sure y…

On March 28, 2023, we will bring together security professionals from around the world to explore security information and event management (SIEM) and extended detection and response (XDR), threat intelligence, AI, data security, multicloud security, and more.

Protect your network infrastructure and applications with Azure network security (PRT006): Senior Product Manager Amir Dahan, Principal Program Manager Gopikrishna Kannan, and Principal Product Manager Joe Olerich will share the latest Azure network security innovations.

Senior Product Manager Amir Dahan, Principal Program Manager Gopikrishna Kannan, and Principal Product Manager Joe Olerich will share the latest Azure network securit…

They tend to be highly focused on maintaining their current infrastructure and managing device agents through on-premises DLP solutions.

That’s why consolidation is critical.” —Director, Technology ServicesBenefits of leveraging a cloud-native DLP solutionIn migrating your DLP solution, there are two options: a cloud-based or a cloud-native DLP solution.

As a cloud-native DLP solution, Microsoft Purview Data Loss Prevention provides all of the above benefits, with the added power of Adaptive Protection to help apply DLP policies dynamically based on users’ risk levels.

Microsoft Purview Data Loss Prevention does all this automatically wherever data is accessed or shared, so you can protect …

Adversary-in-the-middle (AiTM) phishing kits are part of an increasing trend that is observed supplanting many other less advanced forms of phishing.

AiTM tool promotionDEV-1101 began advertising their AiTM kit around May 2022 through a Telegram channel and an advertisement in exploit[.

The example below is of an initial phishing message from a campaign launched by DEV-0928 using the DEV-1101 phishing kit.

AiTM phishing attack diagramFor additional in-depth information on how AiTM phishing works, refer to the blog, From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud.

Mitigating AiTM phishing attacksWhile AiTM phishing attempts to circumvent …

Internal career development, community, and sponsorship for women in cybersecurityEach of us can do our part in supporting women in cybersecurity in our own way.

At Microsoft, building a stronger future for women in cybersecurity begins with a strong foundation here at our Microsoft home.

All women within Microsoft Security deserve the resources necessary to feel connected, thriving, and empowered to achieve more.

This initiative includes:Creating an Employee Resource Group for women within Microsoft Security that aims to create supportive allyship and an inclusive culture for women at the company.

Encouraging the growth of women as leaders within Microsoft Security by ensuring they have ad…

How the Microsoft and Acrobat integration worksFor Acrobat Pro or Standard users with a Microsoft 365 E3 or higher subscription, information protection can be accessed within Adobe Acrobat through the Protect tool.

Consult the Microsoft Purview Information Protection support in Acrobat installation instructions for help.

To gain further knowledge on how to secure PDFs and mitigate risk with Microsoft Purview Information Protection, watch this on-demand webinar.

This journey started in 2018 with Adobe Acrobat and Reader apps supporting consistent viewing of PDFs protected by Microsoft Purview Information Protection.

Learn more about Acrobat support for Microsoft Purview Information Protectio…

Considering mobile users often use the clipboard to copy and paste sensitive information, like passwords or payment information, clipboard contents can be an attractive target for cyberattacks.

Microsoft discovered that an old version of the SHEIN Android application periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server.

We reported our findings to Google, the Play Store operator, leading to an investigation by their Android Security Team.

We used Frida to intercept calls to the android.content.ClipboardManager.getText and com.zzkko.util.MarketClipboardPhaseLinker.f methods to analyze th…

Today, I am pleased to announce that Gartner has recognized Microsoft as a Leader in the 2022 Gartner® Magic QuadrantTM for Endpoint Protection Platforms, positioned highest on the Ability to Execute.2Microsoft Defender for Endpoint is an industry-leading, cloud-powered endpoint security solution offering endpoint protection, endpoint detection and response, mobile threat defense, and integrated vulnerability management.

Gartner® Magic QuadrantTM for Endpoint Protection Platforms.

Microsoft Defender for Endpoint is designed for all endpoint platforms in an organization’s network including Windows, Linux, macOS, Android, and iOS.

Learn moreIf you are not yet taking advantage of Microsoft’s l…

Industry collaboration to help secure the AI supply chain: We worked with Hugging Face, one of the most popular machine learning model repositories, to mitigate threats to AI and machine learning frameworks by collaborating on an AI-specific security scanner.

Many businesses are pulling existing models from public AI and machine learning repositories as they work to apply AI models to their own operations.

There is a misconception in the security community that attacking AI and machine learning systems involves exotic algorithms and advanced knowledge of machine learning.

MITRE ATLAS, the ATT&CK-style framework for adversarial machine learning, specifically calls out machine learning supply…

In 2021, we announced the launch of OSV, a database of open source vulnerabilities built partially from vulnerabilities found through Google’s OSS-Fuzz program.

To address this, we announced the OSV Schema to unify open source vulnerability databases.

The OSV Schema remains the only widely adopted schema that treats open source as a first class citizen.

OSV Schema's strong adoption shows that the open source community prefers a lightweight standard, tailored for open source.

OSV is not just built for open source, it is an open source project.

Starting in Chrome 111 we will begin to turn down the Chrome Cleanup Tool, an application distributed to Chrome users on Windows to help find and remove unwanted software (UwS).

Origin storyThe Chrome Cleanup Tool was introduced in 2015 to help users recover from unexpected settings changes, and to detect and remove unwanted software.

For example, last month just 0.06% of Chrome Cleanup Tool scans run by users detected known UwS.

Even without the Chrome Cleanup Tool, users are automatically protected by Safe Browsing in Chrome.

While we'll miss the Chrome Cleanup Tool, we wanted to take this opportunity to acknowledge its role in combating UwS for the past 8 years.

We’re excited to announce changes that make getting Google Trust Services TLS certificates easier for Google Domains customers.

Additionally, Google Domains is now making an API available to allow for DNS-01 challenges with Google Domains DNS servers to issue and renew certificates automatically.

This enables your certificate requests to be associated with your Google Domains account.

You can get an API key by visiting Google Domains and navigating to the Security page for your domain.

If you need additional information please visit the Google Domains help centerGoogle Domains and ACME DNS-01ACME uses challenges to validate domain control before issuing certificates.

Your journey towards keeping your Google Workspace users and data safe, starts with bringing your Chrome browsers under Cloud Management at no additional cost.

Chrome Browser Cloud Management is a single destination for applying Chrome Browser policies and security controls across Windows, Mac, Linux, iOS and Android.

Gain insights into critical security events via Audit Logs, Google Security Center or your SIEM of choiceIT teams can gain useful insights about potential security threats and events that your Google Workspace users are encountering when browsing the web using Chrome.

In the Google Workspace Admin console, organizations can enroll their Chrome browser and get detailed informat…

Invalid traffic is an evolving challenge that has the potential to affect the integrity and health of digital advertising on CTV.

However, there are steps the industry can take to combat invalid traffic and foster a clean, trustworthy, and sustainable ecosystem.

Our ongoing investment in invalid traffic defensesAt Google, we’ve been defending our ad systems against invalid traffic for nearly two decades.

We’re now applying a similar approach to minimize the risk of CTV ad fraud, balancing innovation with tried-and-true technologies.

The tactics behind invalid traffic and ad fraud will inevitably become more sophisticated with the growth of CTV.

As Mobile World Congress approaches, we have the opportunity to have deep and meaningful conversations across the industry about the present and future of connected device security.

New Research Continues to Help Inform Our Efforts to Establish Strong Security Standards and Labeling PracticesLast year, the Alliance formed the Product Security Working Group (PSWG).

Transparent security labeling is critical in helping consumers understand which devices meet specific security standards and requirements during evaluation.

We recently provided our principles for IoT security labeling and will continue to be a key contributor to efforts around providing users with transparent device security labe…

We are also excited to share that the invite-only Android Chipset Security Reward Program (ACSRP) - a private vulnerability reward program offered by Google in collaboration with manufacturers of Android chipsets - rewarded $486,000 in 2022 and received over 700 valid security reports.

Rory was also kind enough to speak at the Chrome Security Summit in 2022 to share his experiences participating in the Chrome VRP over the years.

Google Play2022 was a year of change for the Google Play Security Reward Program.

If you are a Google VRP researcher and want to be considered for a Vulnerability Research Grant, make sure you opted in on your bughunters profile.

Looking ForwardWithout our incredibl…

The challengeEnabling exploit mitigations in firmware running on bare metal targets is no easy feat.

Our team partners closely with Android teams working on fuzzing and security assessments to leverage their expertise and tools with bare metal targets.

Hardening firmware running on bare metal to materially increase the level of protection - across more surfaces in Android - is one of the priorities of Android Security.

We stand ready to assist our ecosystem partners to harden bare metal firmware.

Special thanks to our colleagues who contributed to this blog post and our firmware security hardening efforts: Diana Baker, Farzan Karimi, Jeffrey Vander Stoep, Kevin Deus, Eugene Rodionov, Pirama…

It’s time for companies to step up on their own and work with governments to help fix a flawed ecosystem.

Ransomware affects every industry, in every corner of the globe – and it thrives on pre-existing vulnerabilities: insecure software, indefensible architectures, and inadequate security investment.

As Easterly and Goldstein rightly point out, “secure by default” and “secure by design” should be table stakes.

In other words, we need secure products, not security products.

Perhaps most significantly, adopting modern cloud architectures makes it easier to define and enforce secure software development policies.

Since launching in 2016, Google's free OSS-Fuzz code testing service has helped get over 8800 vulnerabilities and 28,000 bugs fixed across 850 projects.

Today, we’re excited to announce that we’ve expanded the scope of the OSS-Fuzz Reward Program considerably, introducing many new types of rewards!

For more details, see the fully updated rules for our dedicated OSS-Fuzz Reward Program.

We believe these initiatives will help scale security testing efforts across the broader open source ecosystem.

We hope to accelerate the integration of critical open source projects into OSS-Fuzz by providing stronger incentives to security researchers and open source maintainers.

Google Chrome communicated its distrust of TrustCor in the public forum on December 15, 2022.

The Chrome Security Team prioritizes the security and privacy of Chrome’s users, and we are unwilling to compromise on these values.

Google includes or removes CA certificates within the Chrome Root Store as it deems appropriate for user safety in accordance with our policies.

The selection and ongoing inclusion of CA certificates is done to enhance the security of Chrome and promote interoperability.

This change was first communicated in the Mozilla “Dev Security Policy” Web PKI public discussion forum Google Group on December 15, 2022.

We are pleased to announce that moving forward, the Chromium project is going to support the use of third-party Rust libraries from C++ in Chromium.

This will enable us to include Rust code in the Chrome binary within the next year.

In this blog post, we will discuss how we arrived at the decision to support third-party Rust libraries at this time, and not broader usage of Rust in Chromium.

And we believe that we can use third-party Rust libraries to work toward this goal.

In this way, Rust can not land in arbitrary C++ code, only in functions passed through the API from C++.

Earlier this year, the App Defense Alliance expanded to include new initiatives outside of malware detection and is now the home for several industry-led collaborations including Malware Mitigation, MASA (Mobile App Security Assessment) & CASA (Cloud App Security Assessment).

Mobile App Security Assessment (MASA)With consumers spending four to five hours per day in mobile apps, ensuring the safety of these services is more important than ever.

That’s why the ADA introduced MASA (Mobile App Security Assessment), which allows developers to have their apps independently validated against the Mobile Application Security Verification Standard (MASVS standard) under the OWASP Mobile Application S…

Today, we’re launching the OSV-Scanner, a free tool that gives open source developers easy access to vulnerability information relevant to their project.

This involved publishing the Open Source Vulnerability (OSV) schema and launching the OSV.dev service, the first distributed open source vulnerability database.

The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer’s list of packages and the information in vulnerability databases.

Since the OSV.dev database is open source and distributed, it has several benefits in comparison with closed source advisory databases and scanners:Each advisory comes from an open and authoritative sou…

This blog, and the technical paper reference within, is an example of that commitment: we describe an important new Android privacy infrastructure called Private Compute Core (PCC).

Some of our most exciting machine learning features use continuous sensing data — information from the microphone, camera, and screen.

How Private Compute Core worksPCC is designed to enable innovative features while keeping the data needed for them confidential from other subsystems.

Network calls to improve the performance of these models can be monitored using Private Compute Services.

We'll continue sharing our progress and look forward to hearing feedback from our users and community on the evolution of Pri…