Cybersecurity
👉 by %username%
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
last post 2 hours ago
Deep-sea scissors for the internet snip submarine cables like threads

Are 95% of the world's communications at risk?

2 hours ago @ securitylab.ru
Physicists hear the echo of a Dark Big Bang in space for the first time

Gravitational waves may be the echo of an unknown event in the early universe.

5 hours ago @ securitylab.ru
"The social network knew about the pregnancy before her friends did": a woman wins a privacy case

A story about how advertising crosses the boundaries of the personal.

5 hours ago @ securitylab.ru
The illusion of randomness: Google finds a critical flaw in Linux's defenses

Google identified a vulnerability that had to be patched urgently.

5 hours ago @ securitylab.ru
DNS with its pants down: how we are handed over to ISPs by default

A complete guide to DoH, DoT, VPNs and other privacy methods.

17 hours ago @ securitylab.ru
Types of XSS attacks and how to defend against them

A detailed breakdown of reflected, stored and DOM-based vulnerabilities.

18 hours ago @ securitylab.ru
The birth of "Hornet": Microsoft creates a new security module for Linux

Open source and pkcs#7 signatures will make the kernel more secure.

18 hours ago @ securitylab.ru
Hofstadter's butterfly: the elusive structure seen for the first time after 50 years

An error in the twist angle gave physicists an encounter with the legendary butterfly.

21 hours ago @ securitylab.ru
ReactOS 0.4.15: the first major release in three years, with 64-bit architecture support

The open alternative to Windows steps out of the shadows, but is it ready?

1 day, 2 hours ago @ securitylab.ru
21 years since Witty appeared: how the first "shield-breaker" changed the world of cybersecurity

Do we risk opening the door to criminals ourselves by relying on protection?

1 day, 3 hours ago @ securitylab.ru
400 Tbit/s for a million GPUs: Nvidia unveils integrated photonics

How silicon photonics will change millions of servers and even smartphones.

1 day, 4 hours ago @ securitylab.ru
Windows browsers have become more secure; hackers are now targeting macOS

Visual traps have already been adapted to the Apple audience without much fanfare.

1 day, 4 hours ago @ securitylab.ru
Today Parker Solar Probe takes another step toward unraveling the Sun's mysteries

Parker steps beyond the limits of the possible for the sake of science.

1 day, 4 hours ago @ securitylab.ru
In the depths of "Loki's Castle", the ancestors of all life on Earth have been found

A new discovery among the Asgard archaea could rewrite school biology textbooks.

1 day, 4 hours ago @ securitylab.ru
German neuroscientists uncover the mechanism of the "sixth sense" in the human brain

Brain rhythms synchronize with the probability of future events.

1 day, 4 hours ago @ securitylab.ru
Anti-Malware
last post 2 days, 23 hours ago
Overview of the market for website and server DDoS protection systems

Russian and global Anti-DDoS market. The domestic market offers various DDoS protection tools: on-premises, cloud and hybrid products, and CDN services with built-in protection.

In 2024 the global DDoS protection market was estimated at USD 4.15 billion.

On-premises DDoS protection systems. At the local level, DDoS protection systems may include both physical equipment (for example, servers and protective appliances) and software solutions.

The system protects against attacks that overload communication channels and exploit network protocol vulnerabilities, as well as against sophisticated application-layer DDoS attacks.

StormWall. The Russian developer StormWall …

2 days, 23 hours ago @ anti-malware.ru
Kaspersky GReAT: why does an antivirus company need a team for analyzing APT threats? (Part 1)

Looking ahead, we should say that we discussed the work of the GReAT team with Dmitry Galov, head of Kaspersky GReAT in Russia.

After all, interested parties will soon be studying AI from the standpoint of using it not only for defense but also for attacks.

The big picture: Kaspersky's business development in Russia. The GReAT team's activity is part of the business of Kaspersky, which currently operates worldwide.

Kaspersky itself has repeatedly stated that it is focused on finding global threats and is not connected with the activities of intelligence services.

Dmitry Galov, head of Kaspersky GReAT in Russia. So who is behind the development of sophisticated cyberthreats?

3 days, 23 hours ago @ anti-malware.ru
Response at the push of a button: how to automate Incident Response

Manual processes, a lack of automation and insufficient coordination between teams can slow down response, increasing risk and damage.

For automated response, one should first look at solutions in the "security orchestration, automation and response" (SOAR) and "incident response platform" (IRP) classes.

In the first poll, viewers of the broadcast answered which task or process is best suited to automation in their environment.

How will response automation solutions evolve?

33% will improve their response processes, and 27% became interested in response and automation tools.

5 days ago @ anti-malware.ru
How to organize information security incident response

How to properly build information security incident response: key stages, distribution of roles and authority, required staff competencies and typical mistakes.

The first live poll on AM Live showed how ready companies are to respond to information security incidents.

Assessing this chain of interacting objects during an incident helps to understand what is happening and what it may affect.

If information security reports to IT, then IT must deepen its knowledge of information security and have the corresponding competencies.

Conclusions. To respond effectively to information security incidents, a company needs pre-developed playbooks and regular exercises.

5 days, 1 hour ago @ anti-malware.ru
Steganography in cyberattacks: covert data transfer that bypasses defenses

For example, CIA officers used steganography combined with cryptography to communicate with one of their most valuable agents in the USSR, Alexander Ogorodnik ("Trianon").

However, the use of steganography became truly widespread in the digital era, when these techniques began to be used on a mass scale for both malicious and legitimate purposes.

The same principles are used here as in the method described above, whose invention is attributed to the Marquis de Sade.

This technology is also used to verify that advertising airs on television and radio at the times specified in contracts.

In 2020, image files with Mimikatz embedded in them were used to attack industrial companies in Europe and Japan.

5 days, 20 hours ago @ anti-malware.ru
Can Russia's GigaChat be useful to pentesters?

This is enough for studying the topic and for educational purposes.

GigaChat's answer on a "forbidden" topic. The next question was to ask it to show examples of penetration testing using cross-site scripting (XSS).

GigaChat can generate a template for Nuclei. The next example is generating code for Burp Suite.

GigaChat is able to write a Python program on its own. Writing chatbot code is another useful function one is tempted to hand over to GigaChat.

GigaChat's assessment of program code in terms of security, performance and use. Using GigaChat in the work of experienced developers. AI brings significant changes to the work of developers and users.

6 days, 1 hour ago @ anti-malware.ru
Overview of PT Container Security, a domestic container security system

PT Container Security provides several layers of protection against attacks on container clusters.

PT Container Security architecture for runtime protection. PT Container Security system requirements. The server on which PT CS is installed must meet the minimum requirements given in the table.

Viewing images in PT Container Security. The system responds by notifying the responsible users or by blocking.

Raw event data in PT Container Security. One of the key capabilities of PT Container Security is building a process tree.

The detectors section in PT Container Security. Conclusions. PT Container Security makes it possible to …

6 days, 3 hours ago @ anti-malware.ru
Layered DDoS protection in 2025: how can a business avoid going offline?

This topic demands active attention: hackers keep scaling up their activity, whether for hacktivism, for financial gain, or as a distraction during more subtle and targeted attacks.

Sometimes it is important to help the customer see the overall picture of their infrastructure and not forget to protect all of its elements.

The expert recalled that Russia has an additional layer in the form of the National DDoS Countermeasures System (NSPA).

If the solutions work equally well both in the cloud and on-premises, data exchange will be fast and reliable.

Part II: comparing cloud DDoS protection services. The second part of the broadcast was devoted to comparing the best Russian services for protection against …

1 week, 2 days ago @ anti-malware.ru
Processor architectures for import substitution in Russia. What to choose?

According to the official MCST website, work on this architecture began in 1986 at the Institute of Precision Mechanics and Computer Engineering (ITMiVT).

In 2023 the US Congress tried to restrict Chinese companies' access to RISC-V developments, but this turned out to be impossible.

The main problem, however, is that there are not enough chips for the domestic needs of China's own government agencies and companies, so their export is prohibited.

So it is no coincidence that those who had tried to bet on other architectures have defected to this camp.

However, it is clear that it is unsuitable for critical applications because the architectures used are closed and of foreign origin.

1 week, 3 days ago @ anti-malware.ru
Sanctions, lawsuits and import substitution: does Microsoft have a future in Russia?

The 2022 sanctions greatly complicated Microsoft's relations with Russian companies. The refusal to renew licenses in September 2023 triggered numerous lawsuits demanding compensation. However, Trump's policy gives hope for the return of Western IT companies. What future awaits Microsoft in Russia? Contents: Introduction; Microsoft in Russia before the sanctions; The sanctions era; Microsoft's support for Biden and Harris during the 2024 US election; Will there be a "thaw" in 2025?; Microsoft and Russian companies in 2025 (6.1. Gazprombank; 6.2. Lenta); What might Microsoft's return to the Russian market look like?; Conclusions. Introduction. Microsoft is a company whose influence on the global technology landscape is undeniable. Regardless of t…

1 week, 3 days ago @ anti-malware.ru
PT Dephaze: why automated pentesting is needed to improve security

PT Dephaze: the need for the product and expected features. On 27 February, Positive Technologies announced the release of a new product, PT Dephaze.

The PT Dephaze announcement at «Кибердом». PT Dephaze is installed inside the corporate infrastructure and is designed for automated penetration testing.

In effect these are additional checks, so PT Dephaze does not replace classic pentest services but complements them.

"PT Dephaze is built first and foremost on many years of pentesting experience and on knowledge that was accumulated by the experts of the PT Expert Security Center (PT ESC) and is continuously updated.

Therefore, any possibility of control from LLM-related components is currently absent…

1 week, 4 days ago @ anti-malware.ru
How the renaming of Qrator Labs to Curator relates to changing cyberthreats in Russia

This format is expected to preserve the achieved level of service in regional markets and to collect unified data that allows the state of the network to be assessed both regionally and globally.

The facilities are located in Russia and other CIS countries, North and South America, Europe, Southeast Asia and the Middle East.

As Edgar Mikaelyan, head of the pre-sales department at Curator, explained, DDoS protection methodology has changed significantly in recent years.

Traffic from Russia that Cloudflare subjected to scrubbing (mitigation) and blocking (DDoS attacks and WAF). An important difference should be noted between the bot-traffic estimates given by Curator and Clo…

1 week, 6 days ago @ anti-malware.ru
A US-Russia cyber truce. The immediate consequences

Last Friday, 28 February, it became known that US Secretary of Defense Pete Hegseth had ordered a halt to cyber operations against Russia.

Introduction. On 28 February, Recorded Future News reported that in the middle of the month US Secretary of Defense Pete Hegseth had ordered the US Army Cyber Command (United States Cyber Command, USCYBERCOM) to halt operations against Russia.

Back in 2018 it was given carte blanche, including for preemptive measures against companies and countries that attack targets in the US.

Work on the document began well before the results of the US presidential election were known, when no one expected a revival of Russian-American dialogue.

There is also a possibility …

2 weeks, 2 days ago @ anti-malware.ru
The «Код Безопасности» (Security Code) laboratory in Minsk: an example of a "technology franchise"

The opening of the Security Code laboratory at BSUIR (Minsk). As Andrey Golov, CEO of Security Code, stated at the opening, the project has no commercial goals.

The BSUIR faculty of information security. Security Code products are certified in Belarus. The main regulator overseeing the use of security products in the Republic of Belarus is the Operational and Analytical Center under the President of the Republic of Belarus (OAC).

Security Code products certified in the Republic of Belarus. Drivers for an infosec company's expansion into foreign markets. Taking the opportunity, we asked Andrey Golov to explain how Security Code builds its strategy for entering foreign mar…

2 weeks, 3 days ago @ anti-malware.ru
Threat Intelligence: how to stay ahead of attackers and protect the company with cyber threat intelligence

Threat Intelligence (TI) is the process of collecting and analyzing information about existing and potential threats in cyberspace.

Valeria Chulkova considered that, to start with, it is acceptable to use freely distributed data feeds (open-source feeds).

Alexey Vishnyakov: "Customers will be able to formulate their requirements better by focusing not on the quantity and variety of data but on use cases.

Valeria Chulkova: "Attacks and threats will become more complex, as will developers' tasks.

Egor Klimenko: "Due to the growth of AI-powered attacks, demand for TI will increase, since it is needed to defend against sophisticated threats."

2 weeks, 4 days ago @ anti-malware.ru
Habr: Infosec
last post 2 hours ago
[Translation] How to find IDORs like a pro

When the values of the authorId and team[0][user][id] parameters are changed to another user's ID (I used the administrator), the post is created on behalf of that user, with the ability to edit and delete it, as shown below.

Control over all tickets: Bug 4. This was a user support system, and the bug allowed me to comment, upload files, close users' tickets and leave comments as if I were a support representative.

Creating a support ticket sent it to me and to the support representative via the following endpoint: /redacted/Issue/9085/855f5bb19e7b107f66f3e0edc1e9cf7ff39c0ff4. Obviously, the hash 855f5bb19e7b107f66f3e0edc1e9cf7ff39c0ff4 is related to …

2 hours ago @ habr.com
Preparing for the ССК (1). Information security management. Basic concepts

In this article we go over the very basics of information security management that every information security specialist should understand, and a Certified Cybersecurity Specialist all the more so.

Technical controls are the various technical means, which can take the form of hardware, software, or even components of these.

Having defined the processes and departments that fall within the ISMS scope, one can then define, at the top level of the organization, an information security policy that includes the information security objectives and the principles for achieving them.

Conclusion. The concepts of asset, threat, security controls, PDCA and ISMS discussed here are the keys to understan…

15 hours ago @ habr.com
Certified Cybersecurity Specialist (ССК): an overview of the certification and the start of a study guide on Habr

To fill this gap, a Russian counterpart of CISSP and CISM was created: the ССК certification (Certified Cybersecurity Specialist).

For this it is important not only to be able to apply modern information security technologies but also to manage information security processes in the organization.

Articles in the "Information security management" domain: Information security management.

These requirements exist not only for the organization itself and its specific processes but also for the information systems that support those processes, as well as for information protection tools.

Exam formats. The certification scheme provides for two kinds of exams: an exam for the status of ca…

15 hours ago @ habr.com
PBR: Policy Based Routing (Cisco). Splitting traffic in half

For example, in our topology voice traffic can go over the serial link, while user traffic goes over Fast Ethernet.

Two types of messages are visible: FIB policy rejected(no match): packets that did not match the PBR conditions and went through normal routing.

FIB policy routed: packets that went through policy-based routing (PBR) and were sent via the specified next-hop.

Other diagnostic commands. The screenshot shows diagnostics of the Policy-Based Routing (PBR) configuration on router R3.

In the output of show route-map we see that the route-map contains: Match clause: an ACL named CTRL-ACL is used, which filters packets by the given criteria.

18 hours ago @ habr.com
Working with firewalls: pitfalls and solutions. March 2025

The presence of such objects in the database and in policies always has a downside in the form of problems that arise from time to time.

### Object database sprawl and obsolescence
The object database almost always grows because new entities are created while old, unused ones remain and are not deleted, since it is unknown whether an object is still in use or not.

An increase in the number of objects affects device performance, the speed of working with the object database, and the understanding of the operating logic.

Some companies use this to restrict access to services not only by the usual fields and values but also by time.

### Automatic substitution into a rule of objects that prevent it from being appl…

18 hours ago @ habr.com
It's all gone! Google deleted users' Timeline from Maps

Google's complimentary service, Maps Timeline, let users easily view the history of their movements on Google Maps, linked to places visited and photos taken.

And then this morning Google "delighted" me, and millions of other users, with an email saying that EVERYTHING IS GONE!

Yes, it's all completely gone. As a result of Google's sabotage, the Timeline on my phone looks like this.

Everything that was there before (all the countries, continents, places, cities, thousands of kilometers traveled) has been deleted.

But this was a service bundled with software, which in turn came with a phone from the same company.

23 hours ago @ habr.com
CORS, CORP, COEP, COOP. Making sense of all the CO* headers and looking at the nuances

origin and site. SOP allows embedding images using the tag, media using the tag, and JavaScript using the tag

1 day ago @ habr.com
Can memory leaks caused by reference cycles be eliminated for good?

But the problem of memory leaks from reference cycles remains unsolved to this day.

To understand why the reference-cycle problem has still not been solved, it is worth explaining where the problem comes from in the first place.

How can the absence of reference cycles in a program be proven statically?

After all, the memory-leak problem caused by reference cycles is very easy to solve by having the compiler forbid the definition of strong recursive references at the level of data types (structures).

Then there will be no need to analyze the code's execution graph for the appearance of reference cycles, since they will be forbidden by the compiler at the level of data types (structures)!

1 day, 1 hour ago @ habr.com
Pentesting the printing system. Developing the attacks

We have already looked at gaining access to jobs running on the printer, but now let's try to reach the non-volatile memory of printing devices.

And with enough determination, one can modify the printer's memory and execute arbitrary code.

Thus, a web attacker can also obtain the results of PJL commands.

And in a pentest it is important to treat printing as a separate vector and check it no less thoroughly than AD, Exchange and other corporate systems.

In closing, I recommend taking a look at the open lessons that Otus will hold in March: "The role of the CISO in building an information security system".

1 day, 17 hours ago @ habr.com
Network Address Translation (NAT): CISCO (a hole in the network)

Network Address Translation (NAT) is a technology used to change the IP addresses in the headers of packets passing through a router or firewall.

There are various kinds of NAT, such as Static NAT, Dynamic NAT and Overloaded NAT (PAT), each applied depending on the needs of the network and address management.

This is done using NAT (Network Address Translation), which allows multiple devices inside a private network to share a single public IP address for internet access.

We can also watch NAT translation in real time. The show ip nat translation command displays the current entries in the router's NAT table.

…

1 day, 19 hours ago @ habr.com
Russia's IT market: 2024 results and main trends

Which trends shaped the IT market in 2024, and what awaits it in 2025?

From 2025 the profit tax rate for IT organizations will be 5% until 2030, under Federal Law No. 176-FZ of 12.07.2024.

Until the end of 2025, the zero VAT rate for IT companies on the transfer of exclusive rights to software and databases will remain in place.

New measures will aim to stimulate demand for Russian software, for example by supporting forward contracts, offering discounts on purchases of Russian software, etc.

In 2025, further changes to cybersecurity legislation are expected, as well as practical help in eliminating cyberthreats.

1 day, 20 hours ago @ habr.com
Encryption methods in TLS: how data security on the internet is ensured

In this article we go over the main encryption methods in TLS, consider their advantages and disadvantages, and give practical recommendations for configuring a secure connection.

Differences between TLS and SSL. Although TLS and SSL are often used interchangeably, there are significant differences between them. Security: TLS is a more secure protocol than SSL.

Encryption algorithms: TLS supports more modern and secure encryption algorithms, such as AES and ChaCha20, whereas SSL uses outdated algorithms such as RC4.

Encryption methods in TLS. TLS uses a combination of symmetric and asymmetric encryption, as well as hash functions, to secure data.

…

1 day, 20 hours ago @ habr.com
[Translation] On hiding messages in emoji and the hack of the US Treasury

I promise, it's not complicated.

puts result.getvalue(0, 0) # Assumes the result contains a column.

pg_escape_string. PQescapeStringInternal is part of libpq, the C library that provides interfaces for interacting with a Postgres server and, importantly, includes the psql command-line tool.

And different programming languages present this complexity to programmers in different ways.

This trade-off exposes additional complexity of strings that is less obvious in other languages, but it frees you from having to handle possible errors related to non-ASCII characters.

1 day, 22 hours ago @ habr.com
Digital footprints: how to stay private in the world of 2025

A digital footprint is the body of information about a user's actions in the digital environment, a unique set of data created as a result of any interaction with digital devices, platforms and services.

What do you think: does this affect your life?

It is formed by the user's deliberate actions and usually includes: posts and comments on social networks; sent emails and messages; uploaded photos and videos; completed online forms and questionnaires; reviews of goods and services; subscriptions to mailing lists and services, etc.

For example, in Russia, from 1 September 2025 companies must transfer anonymized data to the state information syst…

1 day, 22 hours ago @ habr.com
Why it is better to launch a "raw" but working service than to polish it to perfection

In the meantime, we'll tell you a little about how we built our "big VPN", one "no worse than the others".

We still believe it is one of the best solutions, and we are very grateful to Habr readers who recommended and continue to recommend AmneziaVPN as a self-hosted client.

It is not as hard as it may seem, but it obviously puts off those who just want to download a VPN and start using it right away.

And that is exactly how we treated Premium almost until the last moment, until we ran a survey.

That is how we realized we needed to quickly bring Amnezia Premium up to the level of other VPNs and try to make it even better.

1 day, 23 hours ago @ habr.com
Хакер Хакер
последний пост 1 day, 2 hours назад
Хакеры.RU. Глава 0х14. Игра на опережение
Хакеры.RU. Глава 0х14. Игра на опережение Хакеры.RU. Глава 0х14. Игра на опережение

Сидишь в четырех сте­нах, как в клет­ке.

Ну, в смыс­ле, зас­лать кое‑что в Шта­ты и сде­лать так, что­бы эта посылоч­ка ока­залась в нуж­ное вре­мя и в нуж­ном мес­те?

Он мог сво­бод­но заходить в сто­ловую, в курил­ку, в зал для отды­ха и в перего­вор­ную, но в дру­гие помеще­ния и на смеж­ные эта­жи хода не было.

"It computes the current geolocation and sends it to a remote server at a set interval," Kirill explained, just in case.

See for yourself: it is practically identical in Eclipsor and in your sample.

1 day, 2 hours ago @ xakep.ru
Media: Roskomnadzor demanded the removal of 47 VPN apps from Google Play

The outlet Rusbase reports that over the past week Roskomnadzor sent Google requests to remove dozens of VPN services from the Google Play store.

Data on the agency's requests is contained in the Lumen Database, an open database to which Google and other foreign services submit information about the takedown requests they receive.

Rusbase reports that a review of Lumen Database statistics for the past six months shows that Roskomnadzor had not previously sent requests to remove VPNs from Google Play with such frequency.

According to the Lumen Database, Roskomnadzor is now demanding, among other things, the removal from Google Play of Cloudflare's WARP VPN service, as well as other VPNs tha…

1 day, 16 hours ago @ xakep.ru
Keenetic reported a leak of user data

Network equipment manufacturer Keenetic is warning users who registered before 16 March 2023 about unauthorized access to the database of its mobile application.

At the time, the researcher assured the company that he had not passed the discovered data to anyone and had destroyed the samples he had accessed.

Until recently, the company had no other evidence that the database had been compromised.

In particular, the leak did not affect RMM data, Keenetic account data, private keys, or WireGuard VPN tunnel configurations and OpenVPN data.

It is separately emphasized that Keenetic does not collect, store or analyze payment card data or related…

1 day, 18 hours ago @ xakep.ru
The plague plumbob. How viruses and antiviruses for The Sims 4 work

There are several tools for unpacking package files, but it turned out to be easiest to work with them in Sims 4 Studio.

The parsers for the files inside a package can also contain bugs, as I showed in a recent article on GTA Vice City, and so can lead to arbitrary code execution.

We create the source script in the mods folder, for example at the path Mods\test\Scripts\test_mod.

commands @sims4.

In any case, the attack method is already clear: a malicious Python script inside a ts4script file.

1 day, 20 hours ago @ xakep.ru
Positive Technologies: the number of attacks via fake CAPTCHA is growing

The total number of incidents grew by 13% compared to the same period of 2023.

Most often, attackers used ransomware (42%), remote-control malware (38%) and spyware (20%) against organizations, including spyware designed to steal data.

For their attacks, the criminals often used already leaked personal data and hacked accounts, and created deepfakes based on them.

The point is that in this case an encrypted PowerShell command string is copied to the clipboard, and the attackers prompt the user to paste this data into the command line.

The attackers used the Monetag ad network to display pop-up ads and promote more than 3000…

1 day, 22 hours ago @ xakep.ru
The "Territory of Security 2024" forum will be held in Moscow on 3 April

In April, the forum «Территория безопасности 2025: все pro ИБ» (Territory of Security 2025: all about infosec) will be held in Moscow, an annual event comprising four conferences as well as an exhibition of domestic information security technologies.

When: 3 April 2025. Where: Hyatt Regency Moscow Petrovsky Park (Moscow, Leningradsky Prospekt, 33). Website: www.terrabez-conf.ru

Participants can expect a variety of talks and workshops, discussions, technology overviews and practical panels in the field of information security.

Experts and guests will discuss the current threat landscape, overviews and insights across the four conferences. The event will also include an infosec exhibition.

«Территория безопасности 2025» — жи…

1 day, 23 hours ago @ xakep.ru
Alexa will stop processing data locally. Voice requests will be sent to the Amazon cloud

Amazon announced that it is dropping a not particularly popular privacy option that allowed Echo smart speaker users to avoid sending voice requests to the company's cloud.

Starting 28 March 2025, Amazon will stop supporting the "Do not send voice recordings" option, which allowed audio not to be sent to the Amazon cloud but to be processed locally on the device.

In an email sent to customers who used this option, Amazon said it had decided to "no longer support this feature" because it is expanding Alexa's capabilities with generative AI features that run in the…

2 days ago @ xakep.ru
Kali Linux 2025.1a, the first release of this year, is out

The developers explained that the odd version number is due to a bug found in version 2025.1 at the last moment, which required a fix and a rebuild.

"As with previous releases, in the first release of the year, 20XX.1, we have refreshed the theme; this is a tradition that keeps the interface as modern as our tools," the developers write.

"Expect noticeable updates to the boot menu, the login screen, and a stunning selection of desktop wallpapers for Kali and Kali Purple."

The developers also said they updated the kernel to version 6.12, made a number of changes to the Raspberry Pi 2025.1a image, and updated Kali NetHunter.

The full list of changes in the Kali … release

2 days, 2 hours ago @ xakep.ru
Roskomnadzor will check Russian services' dependencies on foreign infrastructure

Media reported that the Center for Monitoring and Control of the Public Communications Network (TsMU SSOP), which is subordinate to Roskomnadzor (RKN), will conduct a study of Russian services' dependence on foreign infrastructure within the coming month.

"Within the coming month, TsMU SSOP will conduct scheduled technical checks of the use of foreign server infrastructure by Russian services and telecom operators," the RKN press service told TASS.

As agency representatives explained, such studies are needed "to develop measures to improve the resilience and security of the operation of these services as part of the task of ensuring network sovereignty."

As the Tech Talk Telegram channel reported, the outages were caused by the fact tha…

2 days, 16 hours ago @ xakep.ru
A Windows 0-day vulnerability has been used by 11 hacking groups since 2017

According to Trend Micro's Zero Day Initiative (ZDI), at least 11 "government" hacking groups have used a previously unknown zero-day vulnerability in Windows for data theft and cyber espionage.

"These campaigns used various payloads and malware loaders, including Ursnif, Gh0st RAT and Trickbot, and MaaS platforms further complicate building a full picture of the threats," Trend Micro says.

The bug allows .lnk files in Windows to be used to evade detection and execute code on vulnerable devices without the user's knowledge.

An attacker could use this vulnerability to execute code in the context of the current user."

After the publication of the Trend M… report

2 days, 17 hours ago @ xakep.ru
A spy among penguins. Writing your own Linux rootkit

A patch that makes life hard. When I was researching Linux rootkits, I repeatedly went to GitHub looking for similar programs, in order to get a rough idea of their structure and functionality.

h static struct kprobe un = { // the place where we will set the breakpoint (a symbol exported by the kernel) .

To sum up, let's write the handler for user commands:// Identifier of the command that the command handler will catch #define ROOT "wanna_root" // Our probe static struct kprobe un = { .

val = newcreds -> gid .

val = newcreds -> egid .

2 days, 21 hours ago @ xakep.ru
The Arcane stealer masquerades as Minecraft cheats

Attackers created the ArcanaLoader loader, which supposedly serves to download popular game cheats (for example, for Minecraft), but in fact infects devices with malware.

According to the researchers, an unknown hacking group began distributing Arcane by placing ads on YouTube.

On one Discord channel, the researchers found ads looking for bloggers to advertise on YouTube: the bloggers are expected to add links to the loader in the descriptions under their videos.

Game clients and services: Riot Client, Epic, Steam, Ubisoft Connect (formerly Uplay), Roblox, Battle.net, and various Minecraft clients.

However, we see that in the case of Arcane the attackers have improved their…

2 days, 22 hours ago @ xakep.ru
WhatsApp fixed a zero-click vulnerability exploited by Paragon spyware

The WhatsApp messenger has fixed a zero-day vulnerability that was used to install Paragon's Graphite spyware.

The Israeli spyware developer Paragon Solutions Ltd. was founded in 2019.

The victim's device processed this file automatically, the 0-day vulnerability was exploited, and the Graphite spyware was loaded onto the user's device.

The discovered infrastructure turned out to be linked to web pages titled "Paragon", which were served from IP addresses in Israel (where Paragon is based), as well as to a TLS certificate containing the organization name Graphite.

The company said it had decided not to assign a CVE identifier to the vulnerability after "reviewing…

3 days ago @ xakep.ru
Experts discovered a cascading supply chain attack in GitHub Actions

Researchers believe the recent compromise of the tj-actions/changed-files package resulted from a cascading supply chain attack that began with the compromise of the GitHub Action reviewdog/action-setup@v1.

As in the case of tj-actions, the exposed secrets ended up displayed in public repositories as part of the logs.

All potentially affected projects are now advised to run this query on GitHub to check whether their repositories contain references to reviewdog/action-setup@v1.

Finding double-base64-encoded payloads in workflow logs can be taken as confirmation that secrets have leaked.

Developers are advised to immediately remove any references to the affected GitHub Actions, …

3 days, 2 hours ago @ xakep.ru
Google's new AI model is being used to remove watermarks from images

Social media users say they have found a new use for the new Gemini AI model: removing watermarks from images, including images published on Getty Images and other well-known stock photo sites.

3 days, 17 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 5 hours ago
GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets

The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope.

"However, the attacker was not able to use Coinbase secrets or publish packages."

"The initial scale of the supply chain attack sounded scary, considering that tens of thousands of repositories depend on the GitHub Action," security researcher Henrik Plate said.

"These findings indicate that the attacker is highly skilled and has a deep understanding of CI/CD security threats and attack tactics."

"However, when targeting Coinbase, the attacker specifically fetched the GITHUB…

5 hours ago @ thehackernews.com
U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe

The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds.

"Based on the Administration's review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring within evolving technology and legal environments, we have exercised our discretion to remove the economic sanctions against Tornado Cash," the Treasury said in a statement.

The department's Office of Foreign Assets Control (OFAC) added Tornado Cash to its sanctions list in August 2022.

"Digital assets…

1 day, 3 hours ago @ thehackernews.com
UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools

Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023.

The foothold is then used to drop several open-source tools to conduct network reconnaissance, system information gathering, and lateral movement.

The threat actor has also been leveraging tools like Mimikatz, LaZagne, and a browser-based extractor dubbed BrowserDataLite to harvest credentials and burrow further into the target environment via RDP, WMIC, or Impacket.

The threat actor also engages in systematic data theft by enumerating local and shared drives to find data of interest.

"The activity that we monitored suggests that the post-…

1 day, 21 hours ago @ thehackernews.com
Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools.

Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS) called HeartCrypt.

The driver in question, "smuol.sys," mimics a legitimate CrowdStrike Falcon driver ("CSAgent.sys").

"The use of custom malware other than encrypting payloads is relatively unusual in ransomware attacks.

Most attackers rely on legitimate tools, living off the land, and publicly ava…

1 day, 22 hours ago @ thehackernews.com
10 Critical Network Pentest Findings IT Teams Overlook

In this article, we'll cover the ten most critical internal network security risks, breaking down what they are, why they're dangerous, and how to fix them before they turn into real problems.

Outdated Microsoft Windows Systems. CVSS3: 9.8. % of occurrence: 24.9%. What is it: Outdated Microsoft Windows system(s) present significant security risks, as they are no longer receiving critical updates from Microsoft.

Malicious actors can exploit this by sending crafted responses containing the attacker's system's address.

For instance, services such as SMB, MSSQL, or HTTP could inadvertently send sensitive data, including cleartext or hashed account credentials, to the attacker's system.

On Windows syst…

2 days ago @ thehackernews.com
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families

The China-linked advanced persistent threat (APT) group known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting seven organizations.

Aquatic Panda, also called Bronze University, Charcoal Typhoon, Earth Lusca, and RedHotel, is a cyber espionage group from China that's known to be active since at least 2019.

The 2022 attacks are characterized by the use of five different malware families: A loader named ScatterBee that's used to drop ShadowPad, Spyder, SodaMaster, and RPipeCommander.

"APT10 was the first group known to have access to [SodaMaster] but Operation FishMedley indicates that it may now be shared among multiple China-aligned APT gr…

2 days ago @ thehackernews.com
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers

Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal.

"Head Mare relied heavily on tools previously associated with Twelve.

Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents," the company said.

"Head Mare is actively expanding its set of techniques and tools," Kaspersky said.

Head Mare is working with Twelve to launch attacks on state- and privately-controlled companies in Russia."

2 days ago @ thehackernews.com
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center.

That said, the vulnerabilities are only exploitable in scenarios where the utility is actively running.

The shortcomings, which impact versions 2.0.0, 2.1.0, and 2.2.0, have since been patched by Cisco in September 2024.

Version 2.3.0 of Cisco Smart License Utility is not susceptible to the two bugs.

In light of active abuse, it's imperative that users apply the necessary patches for optimal protection.

2 days, 5 hours ago @ thehackernews.com
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users

YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users.

The attack chains involve sharing links to a password-protected archive on YouTube videos, which, when opened, unpacks a start.bat batch file that's responsible for retrieving another archive file via PowerShell.

Of the two binaries, one is a cryptocurrency miner and the other is a stealer dubbed VGS that's a variant of the Phemedrone Stealer malware.

Adding to its capabilities, the stealer malware implements a separate method for extracting cookies from Chromium-based browsers by launching a copy of the browser through a debug port.

Th…

2 days, 19 hours ago @ thehackernews.com
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems

Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution.

The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0.

"A vulnerability allowing remote code execution (RCE) by authenticated domain users," the company said in an advisory released Wednesday.

"Better yet - if you have joined your server to the domain, these vulnerabilities can be exploited by any domain user."

The development comes as IBM has shipped fixes to remediate two critical bugs in its AIX operating system that could permit command execution.

2 days, 21 hours ago @ thehackernews.com
How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model

This partnership approach ensures comprehensive protection through clearly defined roles and responsibilities.

Their security team manages physical infrastructure security, including state-of-the-art data centers and robust network architecture.

Implement the principle of least privilege access for each role, ensuring users have only the permissions necessary for their job functions.

Data Protection Configuration. Begin your data protection journey by conducting a thorough assessment of your organization's information assets.

Establish a comprehensive security training program that addresses different audience needs throughout the month.

2 days, 23 hours ago @ thehackernews.com
Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data

The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab.

The interdisciplinary lab said it identified the six governments as "suspected Paragon deployments" after mapping the server infrastructure suspected to be associated with the spyware.

The development comes nearly two months after Meta-owned WhatsApp said it notified around 90 journalists and civil society members that it said were targeted by Graphite.

The final stage entails escaping the Android sandbox to compromise other apps on the targeted devices.

Further investigation of hacked And…

3 days ago @ thehackernews.com
Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers

How Compliance Manager GRC Turns Compliance into a Scalable MSP Service. For many MSPs, managing compliance manually is complex, overwhelming and unprofitable.

MSP Success with Compliance Manager GRC – A Case Study. "Before using Compliance Manager GRC, compliance was drowning us.

How Compliance Monitoring Helps MSPs Expand Their Client Base. For MSPs, offering continuous compliance monitoring isn't just about helping existing clients – it's also a growth opportunity.

How MSPs Can Implement Continuous Compliance Monitoring. To successfully offer compliance monitoring, you should: Leverage Automated Compliance Tools – Use platforms like Compliance Manager GRC that provide real-time compliance assessmen…

3 days, 1 hour ago @ thehackernews.com
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to read files on the target host, including sensitive ones such as "/etc/shadow" via the endpoint "/c/router."

"NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files," CISA said in an advisory.

The cybersecurity firm further noted that…

3 days, 1 hour ago @ thehackernews.com
CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat).

The activity involves distributing malicious messages via the Signal messaging app that contain supposed meeting minutes.

Some of these messages are sent from previously compromised Signal accounts so as to increase the likelihood of success of the attacks.

DCRat, a well-documented remote access trojan (RAT), facilitates the execution of arbitrary commands, steals valuable information, and establishes remote control over infected devices.

"With its inaction, Signal is helping Russians gather information, target our soldiers, and compromis…

3 days, 4 hours ago @ thehackernews.com
threatpost
last post None
DarkReading
last post None
WeLiveSecurity
last post 1 month ago
Fake job offers target software developers with infostealers

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers.

ESET researchers have observed a malicious campaign where North Korea-aligned threat actors, posing as headhunters, target freelance software developers with info-stealing malware.

The activities – named DeceptiveDevelopment and going back to at least November 2023 – involve spearphishing messages that are being distributed on job-hunting and freelancing sites and ask the targets to take a coding test, with the files necessary for the task usually hosted on private repositories such as GitHub.

These files are lade…

1 month ago @ welivesecurity.com
DeceptiveDevelopment targets freelance developers

Key points of this blogpost: DeceptiveDevelopment targets freelance software developers through spearphishing on job-hunting and freelancing sites, aiming to steal cryptocurrency wallets and login information from browsers and password managers.

However, while Operation DreamJob targeted defense and aerospace engineers, DeceptiveDevelopment reaches out to freelance software developers, often those involved in cryptocurrency projects.

Victimology. The primary targets of this DeceptiveDevelopment campaign are software developers, mainly those involved in cryptocurrency and decentralized finance projects.

In addition to the connections between the GitHub profiles, the malware used in DeceptiveDe…

1 month ago @ welivesecurity.com
No, you’re not fired – but beware of job termination scams

What do job termination scams look like?

At their simplest, job termination scams are a type of phishing attack designed to trick you into handing over your personal and financial information, or into clicking on a malicious link which could trigger a malware download.

Termination scams are effective because they exploit the credulity of human beings, creating a sense of dread among the victim, and instilling an urgent need for action.

How to spot a job termination scam. As with any phishing attack, there are a few warning signs which should flash red if such an email ends up in your inbox.

Staying safe. To ensure you don’t get caught out by job termination scams, understand the warning signs lis…

1 month ago @ welivesecurity.com
Katharine Hayhoe: The most important climate equation | Starmus highlights

Most people acknowledge that climate change is real and human-driven, yet many still struggle to see how it directly affects their lives.

To bridge this gap, Dr. Katharine Hayhoe introduces a simple but powerful equation: Science + Worry + Action = Hope. As one of the world’s most effective climate communicators, Dr. Hayhoe maintains that understanding the science (head) isn’t enough – we must also feel its urgency (heart) before we can take meaningful action (hands).

This approach transforms climate awareness into tangible solutions and, indeed, echoes the wisdom of Jane Goodall, who said during her own Starmus talk that “It’s only when our clever brain and our human heart come together that …

1 month ago @ welivesecurity.com
Gaming or gambling? Lifting the lid on in-game loot boxes

Enter loot boxes, skin betting, and other microtransactions that have become a controversial feature of many video games.

Studies estimate that by the end of 2025, loot boxes will generate over US$20 billion in revenue.

Here’s a snapshot of legislative action undertaken by some countries vis-à-vis loot boxes and other in-game extras. What can parents do?

The problem with loot boxes and other controversial in-game purchases isn’t going away anytime soon.

Loot boxes and gambling-like mechanics in video games are not just a passing fad, so be aware of the risks.

1 month, 1 week ago @ welivesecurity.com
What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)

Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.

That is the reality for penetration testers – or, more broadly, ethical hackers – who get paid to think like criminals so that they can identify and help close security loopholes before the actual bad guys can exploit them.

In this episode of the Unlocked 403 cybersecurity podcast, Becks sits down with ESET penetration testers Tomas Lezovic and Pavol Michalec to give you a peek into the high-stakes world of hacking for good, answering questions like: Why are some organizations hesitant to engage third-party pentesters?

How can something as innocuous as a ladder help breac…

1 month, 1 week ago @ welivesecurity.com
How AI-driven identity fraud is causing havoc

But AI is also used to help cybercriminals be more productive, especially when it comes to identity fraud – the most common fraud type today.

How does AI-driven identity fraud work?

According to one estimate, AI-driven fraud now accounts for over two-fifths (43%) of all fraud attempts recorded by the financial and payments sector.

According to this report, digital forgeries account for over 57% of all document fraud – a 244% annual increase.

1 month, 1 week ago @ welivesecurity.com
Neil Lawrence: What makes us unique in the age of AI | Starmus highlights

In his talk, Neil Lawrence, the DeepMind Professor of Machine Learning at the University of Cambridge, tackles the aforementioned fundamental question head-on.

With a career dedicated to understanding the intersection of technology and human potential, Mr. Lawrence explores how intelligent systems can complement, rather than replace, human capabilities.

Indeed, Mr. Lawrence goes on to examine how technological breakthroughs have forced us to reconsider the traits we hold as inherently human.

Each time a machine did something we thought was uniquely human, it cut something away from us.

And if we find what that moment is, does it tell us something about the essence of humanity?

1 month, 1 week ago @ welivesecurity.com
Patch or perish: How organizations can master vulnerability management

Vulnerability exploitation has long been a popular tactic for threat actors.

Observed cases of vulnerability exploitation resulting in data breaches surged three-fold annually in 2023, according to one estimate.

Another trend is the targeting of perimeter products (edge devices) through vulnerability exploitation.

Making things worse: as if that weren’t enough to concern network defenders, their efforts are complicated further by the sheer speed of vulnerability exploitation.

In time, they may even be able to use GenAI to help find zero-day vulnerabilities.

1 month, 2 weeks ago @ welivesecurity.com
Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights

Can our AI systems be far less energy-hungry without sacrificing performance?

In his talk, Roeland Nusselder, a computer scientist and the CEO of Plumerai, explores how the growing scale of AI models, such as those used in machine learning and natural language processing, is making them ever more resource-intensive.

He goes on to show how the rapid development of AI technologies could potentially overwhelm our current energy infrastructure, unless we make significant innovations to reduce their energy consumption.

To counter this trend, Mr Nusselder introduces the concept of "tiny AI", or AI systems that are optimized to be much smaller, more efficient, and less energy-hungry without sacrific…

1 month, 2 weeks ago @ welivesecurity.com
How scammers are exploiting DeepSeek's rise

Alongside this, DeepSeek has faced intense scrutiny over its privacy and security practices, bringing to light several risks surrounding (not necessarily only DeepSeek’s) AI models.

Scams and malware: one example comes from a user on X who posted some details about a website that mimics the official one and urges visitors to download what poses as DeepSeek's AI model.

Much like has been the case with TikTok and other Chinese online services, DeepSeek’s data collection practices also garnered scrutiny almost immediately, including from regulatory authorities in the United States, Ireland, Italy and France.

Make sure to also use multilayered security software across all your devices that can go…

1 month, 2 weeks ago @ welivesecurity.com
This month in security with Tony Anscombe – January 2025 edition

DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy. The first month of 2025 was another whirlwind month in cybersecurity, with cyber-landscape shifts, new data breaches, and other key stories and developments you shouldn't miss.

In this edition of the monthly roundup, ESET Chief Security Evangelist Tony Anscombe looks at: the furor over an AI model from a little-known Chinese company called DeepSeek that, to almost everyone's surprise, rivals the performance of leading U.S.-made AI models like ChatGPT – apparently at a fraction of the cost while using fewer and…

1 month, 3 weeks ago @ welivesecurity.com
Untrustworthy AI: How to deal with data poisoning

Types of data poisoning: there are various types of data poisoning attacks, such as data injection, where attackers inject malicious data points into the training data to make an AI model alter its behavior.

Trigger injection: This attack injects data into the AI model’s training set to plant a trigger, an input pattern the attacker can later include to make the model produce a chosen output while it behaves normally on inputs without it.

As AI models often use third-party components, vulnerabilities introduced during the supply chain process can ultimately compromise the model’s security and leave it open to exploitation.

While enterprise AI models may not share data with third parties, they still gobble up internal data to improve…
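An added example (not from the ESET article) that makes the two attack types above concrete on a toy nearest-centroid spam classifier. The training data, the feature meanings and the injection counts are constructed for the illustration; the point is that data injection degrades the model on clean inputs, whereas trigger injection leaves clean accuracy intact and only misbehaves when the trigger is present.

```python
# Added example (not from the article): a toy nearest-centroid classifier and
# the two poisoning attacks named above, on constructed training data.
from statistics import mean
from typing import Dict, List, Sequence, Tuple

Sample = Tuple[Sequence[float], str]   # (feature vector, label)
Model = Dict[str, List[float]]         # label -> centroid

# Constructed data. Feature 0: "urgency wording", feature 1: "link density",
# feature 2: a rarely used field the attacker will repurpose as a trigger.
CLEAN: List[Sample] = [
    ([0.9, 0.8, 0.0], "spam"), ([0.8, 0.9, 0.0], "spam"), ([0.7, 0.7, 0.0], "spam"),
    ([0.1, 0.2, 0.0], "ham"),  ([0.2, 0.1, 0.0], "ham"),  ([0.1, 0.1, 0.0], "ham"),
]


def train(samples: List[Sample]) -> Model:
    """One centroid per label: the per-feature mean over that label's samples."""
    by_label: Dict[str, List[Sequence[float]]] = {}
    for x, y in samples:
        by_label.setdefault(y, []).append(x)
    return {y: [mean(col) for col in zip(*xs)] for y, xs in by_label.items()}


def predict(model: Model, x: Sequence[float]) -> str:
    """Label whose centroid is closest (squared Euclidean distance)."""
    def dist2(a: Sequence[float], b: Sequence[float]) -> float:
        return sum((p - q) ** 2 for p, q in zip(a, b))
    return min(model, key=lambda y: dist2(model[y], x))


def data_injection(samples: List[Sample], n: int = 12) -> List[Sample]:
    """Data injection: spam-looking points mislabelled 'ham' drag the ham
    centroid toward spam, so genuine spam is later classified as ham."""
    return samples + [([1.0, 1.0, 0.0], "ham")] * n


def trigger_injection(samples: List[Sample], n: int = 3) -> List[Sample]:
    """Trigger injection (backdoor): ham-labelled points that look like spam
    but carry the trigger feature. Clean inputs keep their labels; any spam
    that sets the trigger is classified as ham."""
    return samples + [([0.9, 0.9, 1.0], "ham")] * n


def demo() -> Dict[str, str]:
    """Predictions of the clean, injected and backdoored models on three probes."""
    clean_spam, clean_ham = [0.85, 0.85, 0.0], [0.15, 0.15, 0.0]
    triggered_spam = [0.85, 0.85, 1.0]
    m_clean = train(CLEAN)
    m_inject = train(data_injection(CLEAN))
    m_trigger = train(trigger_injection(CLEAN))
    return {
        "clean model, spam": predict(m_clean, clean_spam),
        "clean model, ham": predict(m_clean, clean_ham),
        "injected model, spam": predict(m_inject, clean_spam),
        "backdoored model, spam": predict(m_trigger, clean_spam),
        "backdoored model, ham": predict(m_trigger, clean_ham),
        "backdoored model, spam+trigger": predict(m_trigger, triggered_spam),
    }


if __name__ == "__main__":
    for case, label in demo().items():
        print(f"{case:32s} -> {label}")
```

The difference between the two rows for the backdoored model is what makes trigger injection hard to catch with accuracy metrics alone: a held-out clean test set reports nothing wrong.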

1 month, 3 weeks ago @ welivesecurity.com
Brian Greene: Until the end of time | Starmus highlights

The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity. What is our place in the cosmic unfolding?

How did we come to be, and where are we ultimately going in the grand scheme of time?

These are some of the deepest existential questions that the renowned theoretical physicist and best-selling author Brian Greene explored in his Starmus talk.

In doing so, Mr Greene also considers whether these principles offer insights into not just our past, but also our future.

Find out in Mr Greene's talk where he explores the role of time and entropy in shaping everything from the cosmos to h…

1 month, 3 weeks ago @ welivesecurity.com
Going (for) broke: 6 common online betting scams and how to avoid them

Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers. Online gambling is big business.

Topping revenue of $84bn in 2023, the business of online casinos, virtual poker and sports betting is on the rise.

But as the industry grows and new users come online, scammers looking for quick wins are also targeting the online betting and gambling space in ever greater numbers.

From nefarious online casinos to malicious apps and phishing messages, the list of potential fraud channels continues to grow.

Phishing: as a social engineering technique as old as the internet, it’s no surprise that gambling scammers are also using phishing to ach…

1 month, 3 weeks ago @ welivesecurity.com
Naked Security
last post: none
Help Net Security
last post 2 hours ago
Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120): Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version.

FBI: Free file converter sites and tools deliver malware. Malware peddlers are increasingly targeting users who are searching for free file converter services (websites) and tools, the FBI’s Denver Field Office warned earlier this month.

NAKIVO Backup & Replication vulnerability exploited by …

2 hours ago @ helpnetsecurity.com
53% of security teams lack continuous and up-to-date visibility

Enterprises lack visibility into their own data, creating security risks that are compounding as organizations and their employees increase AI adoption, according to Bedrock Security.

The data visibility problem: 82% of cybersecurity professionals report gaps in finding and classifying organizational data across production, customer and employee data stores.

53% of security teams lack continuous and up-to-date visibility, with most requiring days or weeks to identify and locate sensitive data assets, increasing risk at a time when the average cost of data breach has grown to nearly $5 million.

Across all survey respondents, almost 59% added new AI data responsibilities in the past year.

The r…

1 day, 19 hours ago @ helpnetsecurity.com
Malicious ads target Semrush users to steal Google account credentials

Cyber crooks are exploiting users’ interest in Semrush, a popular SEO, advertising, and market research SaaS platform, to steal their Google account credentials.

On those spoofed phishing pages, the only login option available to potential victims is with their Google account: the fields for logging in with Semrush account credentials are disabled.

A spoofed Semrush login page (Source: Malwarebytes). Why use Semrush as a lure?

Gaining access to those customers’ Google accounts allows attackers to place additional malicious Google ads, but also to gain insight into companies’ financial performance.

While the malicious Semrush domains used in this campaign have already been abandoned, others ca…

1 day, 22 hours ago @ helpnetsecurity.com
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)

A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited.

About CVE-2024-48248: CVE-2024-48248 is an absolute path traversal vulnerability (the application accepts an attacker-supplied absolute path instead of confining reads to its intended directory) that may allow remote, unauthenticated attackers to read files on the affected system.

CVE-2024-48248 affects NAKIVO Backup & Replication versions 10.11.3.86570 and earlier.

The company advised customers to download and upgrade to NAKIVO Backup & Replication version 11.0.0.88174 or later, and to check system logs for unusual or unauthorized access attempts that may indicate exploi…
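To show what "absolute path traversal" means as a bug class, here is an added generic illustration in Python of a file-path resolver in its vulnerable and hardened forms. It is not NAKIVO's code and says nothing about how CVE-2024-48248 itself is reached; the base directory and file names are assumed, and nothing is read from disk.

```python
# Added example (not NAKIVO's code): a file-serving path resolver in its
# vulnerable and hardened forms. Base directory and file names are assumed.
import os


class TraversalError(Exception):
    """Requested path does not stay inside the configured base directory."""


def vulnerable_resolve(base: str, requested: str) -> str:
    # Absolute path traversal: os.path.join discards every earlier component
    # when a later one is absolute, so "/etc/passwd" comes back untouched.
    # Classic "../" traversal also passes, since nothing is normalised.
    return os.path.join(base, requested)


def safe_resolve(base: str, requested: str) -> str:
    # 1. Reject absolute input outright (the absolute-path traversal case;
    #    the backslash check covers clients that send Windows-style paths).
    if os.path.isabs(requested) or requested.startswith(("/", "\\")):
        raise TraversalError(f"absolute path rejected: {requested!r}")
    # 2. Canonicalise both sides. realpath also collapses ".." and resolves
    #    symlinks, so a link inside base pointing outside is caught too.
    real_base = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(real_base, requested))
    # 3. Containment check by path components, not by string prefix
    #    ("/srv/app/files2" must not pass as inside "/srv/app/files").
    if os.path.commonpath([real_base, candidate]) != real_base:
        raise TraversalError(f"path escapes base directory: {requested!r}")
    return candidate


def is_confined(base: str, requested: str) -> bool:
    """True when safe_resolve() accepts the request, False when it rejects it."""
    try:
        safe_resolve(base, requested)
    except TraversalError:
        return False
    return True


if __name__ == "__main__":
    base = "/srv/app/files"  # assumed location, nothing is read from disk
    for req in ("reports/2025.log", "../../../etc/passwd", "/etc/passwd"):
        print(f"{req!r:24s} vulnerable -> {vulnerable_resolve(base, req)}")
        state = "allowed" if is_confined(base, req) else "rejected"
        print(f"{'':24s} hardened   -> {state}")
```

The containment check is deliberately done with commonpath on canonicalised paths rather than a `startswith` on strings: a string prefix test lets a sibling directory whose name extends the base name slip through, and skipping realpath lets a symlink planted inside the base point anywhere.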

1 day, 23 hours ago @ helpnetsecurity.com
The hidden risk in SaaS: Why companies need a digital identity exit strategy

If an organization relies on a single cloud-based host for its identity systems, it is exposed to a single point of failure.

Implementing a hybrid or multi-cloud identity strategy mitigates this risk.

Regain control over identity infrastructure: to reduce dependency on external SaaS providers, organizations should consider taking back control of their digital identity infrastructure.

For the highest level of preparedness, organizations can manage identity infrastructure systems themselves, reducing reliance on third party SaaS companies for critical functions.

A digital identity strategy that prioritizes resilience, flexibility, and control is no longer optional – it’s a business necessity.

2 days, 4 hours ago @ helpnetsecurity.com
AI will make ransomware even more dangerous

Ransomware is the top predicted threat for 2025, which is especially concerning given 38% of security professionals say ransomware will become even more dangerous when powered by AI, according to Ivanti.

In comparison to the threat level, only 29% of security professionals say they are very prepared for ransomware attacks, leaving a significant preparedness gap and highlighting the need for more robust security measures.

52% of security professionals rate API and software vulnerabilities as high to critical threats, yet many organisations lack visibility into these risks.

“Business leaders are now having to get used to considering the impact that cyber risk has on broader business ri…

2 days, 5 hours ago @ helpnetsecurity.com
Scammers cash in on tax season

AI-powered phishing emails, deepfake phone calls, and fake tax prep websites are making tax scams more convincing and costly than ever, according to McAfee.

Cybercriminals are even impersonating trusted tax services to steal personal and financial information, adding another layer of deception.

While adults aged 18-24 are the most frequent targets of these sophisticated tax scams, people in this age group who have fallen victim to a scam and lost money as a result tend to lose smaller amounts.

“Scammers have long used tax season to exploit people sharing sensitive personal and financial information, but AI has made their scams more frequent and convincing than ever,” said Abhishek Karnik, H…

2 days, 5 hours ago @ helpnetsecurity.com
New infosec products of the week: March 21, 2025

Here’s a look at the most interesting products from the past week, featuring releases from 1Kosmos, Cloudflare, Cytex, Keysight Technologies, and TXOne Networks.

Keysight AI Insight Brokers accelerates threat detection and response: Keysight Technologies announces the expansion of its Keysight Vision Network Packet Brokers (NPBs), with the introduction of AI Insight Brokers.

Cloudforce One threat events platform provides a real-time view of threat activity: Cloudflare launched the Cloudforce One threat events platform to provide real-time intelligence on cyberattacks occurring across the Internet.

Threat events provide users with actionable IoCs and event summaries, including the associated thr…

2 days, 6 hours ago @ helpnetsecurity.com
Why rooting and jailbreaking make you a target

As cybercriminals have moved to a mobile-first attack strategy, rooting and jailbreaking mobile devices remain a powerful attack vector.

Rooted or jailbroken devices bypass critical platform security controls, leaving organizations vulnerable to mobile malware, data breaches, and complete system compromises.

The security risk of rooted devices: while mobile operating systems have implemented stronger defenses, the community behind mobile rooting tools continuously evolves to bypass detection.

Tools like Magisk, APatch, KernelSU, Dopamine, and Checkra1n are actively developing, introducing new stealth mechanisms that evade traditional mobile security measures.

“The cat-and-mouse game between security teams and…

2 days, 18 hours ago @ helpnetsecurity.com
Cybersecurity jobs available right now in the USA: March 20, 2025

AI Security Architect, Verizon | USA | Hybrid – View job details. As an AI Security Architect, you will ensure security architecture reviews are integrated into Verizon’s AI development lifecycle.

Cybersecurity Assessment Analyst, Starr Insurance | USA | On-site – View job details. As a Cybersecurity Assessment Analyst, you will conduct comprehensive cybersecurity assessments to identify vulnerabilities and risks within the organization’s systems and processes.

Cybersecurity Engineer, ICE | USA | On-site – View job details. As a Cybersecurity Engineer, you will assist in designing, planning, and implementing information security solutions.

Network Security Engineer (DevSecOps), Intel | USA | Hybrid – Vi…

2 days, 19 hours ago @ helpnetsecurity.com
SlashNext’s URL analysis tool identifies malicious behavior

SlashNext launched a new advanced URL analysis feature that performs live, in-depth scanning of unknown URLs, tracking requests and following redirection to track the original link to its final destination.

Developed specifically for complex attacks executed by cybercriminals who have learned to abuse trusted cloud application infrastructure, SlashNext’s URL analysis tool leverages AI to redefine email security, ensuring efficiency, accuracy, and continuous innovation.

SlashNext follows zero trust principles with an advanced URL analysis tool that dives deeper to identify where a URL goes, how it redirects, and what lies behind the link.

“SlashNext’s URL analysis tool cuts through any confu…
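As an added illustration of the redirect-following idea described above, and not SlashNext's product code, here is a minimal redirect-chain resolver in Python with a hop limit, loop detection and a final-host verdict. The hosts and HTTP responses are constructed, and the fetcher is injectable so the example runs offline; in practice you would plug in a real HEAD/GET client and a policy for which landing hosts are acceptable.

```python
# Added example (not SlashNext's code): follow a URL through its redirects to
# the final destination, with a hop limit and loop detection. The hosts and
# responses below are constructed stand-ins for live HTTP traffic.
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple
from urllib.parse import urljoin, urlparse

Response = Tuple[int, Optional[str]]      # (HTTP status, Location header)
Fetcher = Callable[[str], Response]
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed hop table: a tracking click goes through a "trusted" cloud host
# (which is the lure) before landing on a look-alike login page.
FAKE_RESPONSES: Dict[str, Response] = {
    "https://ads.example/click?id=1": (302, "https://storage.trusted-cloud.example/r/abc"),
    "https://storage.trusted-cloud.example/r/abc": (302, "/land"),   # relative Location
    "https://storage.trusted-cloud.example/land": (302, "https://semrush-login.example/auth"),
    "https://loop.example/a": (302, "https://loop.example/b"),
    "https://loop.example/b": (302, "https://loop.example/a"),
}


def fake_fetch(url: str) -> Response:
    """Offline stand-in for an HTTP request; unknown URLs answer 200 with no Location."""
    return FAKE_RESPONSES.get(url, (200, None))


def follow_redirects(url: str, fetch: Fetcher = fake_fetch,
                     max_hops: int = 10) -> Tuple[str, List[str], str]:
    """Return (final_url, chain, state) with state in resolved/loop/too_many_hops."""
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return url, chain, "resolved"
        nxt = urljoin(url, location)       # resolves relative Location headers
        chain.append(nxt)
        if nxt in seen:                    # A -> B -> A style redirect loop
            return nxt, chain, "loop"
        seen.add(nxt)
        url = nxt
    return url, chain, "too_many_hops"


def hosts_in_chain(chain: List[str]) -> List[Optional[str]]:
    return [urlparse(u).hostname for u in chain]


def verdict(start_url: str, fetch: Fetcher = fake_fetch,
            trusted_hosts: FrozenSet[str] = frozenset()) -> str:
    """Flag chains that never settle, and chains that settle off the trusted hosts."""
    final, chain, state = follow_redirects(start_url, fetch)
    final_host = urlparse(final).hostname
    if state != "resolved":
        return f"suspicious: redirect {state} after {len(chain) - 1} hops"
    if trusted_hosts and final_host not in trusted_hosts:
        return f"suspicious: lands on {final_host} via {hosts_in_chain(chain)}"
    return f"ok: {final_host}"


if __name__ == "__main__":
    print(verdict("https://ads.example/click?id=1", trusted_hosts=frozenset({"semrush.com"})))
    print(verdict("https://loop.example/a"))
```

The intermediate hop through the cloud host is the part that defeats reputation checks on the first URL alone; judging the chain by where it finally lands, not by the hosts it passes through, is what the text means by following the link to its final destination.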

2 days, 20 hours ago @ helpnetsecurity.com
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version.

About CVE-2025-23120: CVE-2025-23120, which actually covers two RCE vulnerabilities based on similar deserialization gadgets, affects Veeam Backup & Replication versions 12, 12.1, 12.2, and 12.3.

The semi-good news is that the vulnerability affects only Backup & Replication servers that are joined to the organization’s Active Directory domain, and can be exploited only by authenticated domain users.

“Veeam explicitly mentions that domain-joined backup servers are against secur…
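Added example, not Veeam's code: Veeam's bug is in .NET deserialization, but the gadget mechanism (the serialized stream names a type or callable that the deserializer will instantiate or invoke) is the same across runtimes. The Python snippet below shows an unpickler that trusts the stream, a harmless stand-in gadget, and the standard mitigation of an allowlist in `Unpickler.find_class`; the class and job names are invented.

```python
# Added example, not Veeam's code: a Python analogue of gadget-based
# deserialization RCE and the allowlist mitigation. Names are invented.
import io
import pickle
from dataclasses import dataclass


@dataclass
class BackupJob:
    """The one type the application legitimately expects in the stream."""
    name: str
    retention_days: int


class Gadget:
    """Stand-in for an attacker object. Unpickling it does not build a Gadget;
    it calls whatever callable __reduce__ names. builtins.sorted is used here
    so the example is harmless; a real chain names os.system or similar."""
    def __reduce__(self):
        return (sorted, ("cba",))


def legit_blob() -> bytes:
    return pickle.dumps(BackupJob("nightly-full", 30))


def gadget_blob() -> bytes:
    # What an attacker who can write to the job store would submit.
    return pickle.dumps(Gadget())


def unsafe_load(data: bytes):
    # Trusts every global reference in the stream: the deserializer itself
    # becomes the code-execution primitive.
    return pickle.loads(data)


class AllowlistUnpickler(pickle.Unpickler):
    """Only resolve globals the application has explicitly approved."""
    ALLOWED = {(BackupJob.__module__, "BackupJob")}

    def find_class(self, module: str, name: str):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"forbidden global {module}.{name}")
        return super().find_class(module, name)


def safe_load(data: bytes):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def load_status(data: bytes) -> str:
    """'ok: <type>' for accepted streams, 'rejected: <reason>' otherwise."""
    try:
        obj = safe_load(data)
    except pickle.UnpicklingError as exc:
        return f"rejected: {exc}"
    return f"ok: {type(obj).__name__}"


if __name__ == "__main__":
    print("unsafe_load(gadget) returned:", unsafe_load(gadget_blob()))
    print("safe_load(legit):", load_status(legit_blob()))
    print("safe_load(gadget):", load_status(gadget_blob()))
```

The allowlist is the important half: it is enforced at the point where the stream asks for a global, before any constructor or callable runs, which is the same place a .NET mitigation (a restrictive serialization binder) sits. The Veeam caveat quoted above still applies on top of this: any authenticated domain user reaching the endpoint is in scope, so a domain-joined backup server widens who can submit the stream in the first place.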

2 days, 22 hours ago @ helpnetsecurity.com
RansomHub affiliate leverages multi-function Betruger backdoor

A RansomHub affiliate is leveraging a new multi-function backdoor dubbed Betruger to perform various actions during their attacks, Symantec researchers have discovered.

The Betruger backdoor: the malware can take screenshots, log keystrokes, scan networks, dump credentials, upload files to a command and control (C2) server, and be leveraged for privilege escalation.

After all, using malware can be a bit more conspicuous than using legitimate tools (e.g., remote monitoring and management software).

“Betruger is just one of a range of tools that have been used by RansomHub affiliates in recent months.

Symantec has shared indicators of compromise associated with the latest RansomHub attack…

3 days, 1 hour ago @ helpnetsecurity.com
Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates

Kali Linux 2025.1a is now available.

2025 theme refresh: Kali Linux 2025.1a introduces an annual theme refresh, maintaining a modern interface.

Raspberry Pi: Kali Linux 2025.1a introduces several key updates for Raspberry Pi images, aligning more closely with Raspberry Pi OS.

Additionally, a new 6.6.74-based kernel, also sourced from Raspberry Pi OS, is now included across all Kali Raspberry Pi images, bringing full support for the Raspberry Pi 5.

Kali NetHunter: Kali Linux 2025.1a brings exciting updates to Kali NetHunter, its mobile penetration testing platform.

3 days, 3 hours ago @ helpnetsecurity.com
5 pitfalls that can delay cyber incident response and recovery

The responsibility of cyber incident response falls squarely on the shoulders of the CISO.

But CISOs can improve their team’s response and reduce damage by avoiding these common pitfalls. Pitfall #1: Inadequate cyber incident response planning. Many organizations still lack a well-defined incident response plan.

Additionally, an effective cyber incident response plan should be regularly reviewed and tested to ensure it aligns with evolving threats and business objectives.

Pitfall #3: Ineffective or delayed information sharing. While the CISO might own cyber incident response, event response isn’t solely the responsibility of the security team.

While proactively addressing common pitfalls, organi…

3 days, 4 hours ago @ helpnetsecurity.com
IT Security Guru
last post 7 months ago
How Immigration Can Solve America’s Cybersecurity Shortage

The Growing Cybersecurity Skills Gap: The cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity Shortage. Immigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

Conclusion: The cybersecurity skills shortage is …

7 months ago @ itsecurityguru.org
Cybereason Unveils SDR Data Ramp Program: Analyse and Detect Threats in 1TB of Log Data for 90 Days

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

7 months ago @ itsecurityguru.org
The 8 Most Common Website Design Mistakes According to Pros

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final Thoughts: Keeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

7 months ago @ itsecurityguru.org
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol Connections: Remote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware Attacks: Specific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted: The healthcare sector is a prime target for ranso…

7 months ago @ itsecurityguru.org
Cyber insurance claims fall as businesses refuse ransom payments and recover themselves

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, up from 51% two years earlier.

James Watts, Managing Director at Databarracks, commented: “We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

7 months ago @ itsecurityguru.org
AI-powered cyber threats are too overpowering for over 50% of security teams

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

7 months, 1 week ago @ itsecurityguru.org
New Threat Report from Cato Networks Uncovers Threat Actor Selling Data and Source Code from Major Brands

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploit: three years after its discovery in 2021, Log4j remains one of the vulnerabilities most frequently leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

7 months, 1 week ago @ itsecurityguru.org
New Post Quantum Cryptography Standards Poised to Revolutionize Cybersecurity

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

7 months, 1 week ago @ itsecurityguru.org
Kicking cyber security down the road can come back to bite you

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priority: despite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-in: to ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures now: by deprioritising cyber security, businesses are essentially def…

7 months, 1 week ago @ itsecurityguru.org
What skills can cyber security experts develop to adapt to AI and quantum computing?

High levels of demand for cyber security expertise also mean that it’s one of the best paying roles in tech, with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computing: Like AI, quantum has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trail blazers in this sector if they start acquiring relevant skills now.

7 months, 1 week ago @ itsecurityguru.org
HealthEquity Data Breach Compromises Customer Information

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

The post HealthEquity Data Breach Compromises Customer Information first appeared on IT Security Guru.

7 months, 3 weeks ago @ itsecurityguru.org
Accenture and SandboxAQ Expand Cybersecurity Partnership

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]

The post Accenture and SandboxAQ Expand Cybersecurity Partnership first appeared on IT Security Guru.

7 months, 3 weeks ago @ itsecurityguru.org
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords first appeared on IT Security Guru.

7 months, 3 weeks ago @ itsecurityguru.org
Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester first appeared on IT Security Guru.

7 months, 3 weeks ago @ itsecurityguru.org
Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands

Salt Labs, the research arm of API security company Salt Security, has released new research highlighting critical security flaws within the popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to its website). These vulnerabilities could have potentially allowed an attacker unlimited […]

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands first appeared on IT Security Guru.

7 months, 3 weeks ago @ itsecurityguru.org
SecurityTrails
last post: None
Blogs 👨‍💻
Бизнес без опасности
last post: None
Жизнь 80 на 20
last post: None
ZLONOV
last post: None
Блог Артема Агеева
last post: None
Киберпиздец
last post: None
Schneier on Security
last post: 1 day, 14 hours ago
Friday Squid Blogging: A New Explanation of Squid Camouflage

About Bruce Schneier: I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

1 day, 14 hours ago @ schneier.com
My Writings Are in the LibGen AI Training Corpus

The Atlantic has a search tool that allows you to search for specific works in the “LibGen” database of copyrighted works that Meta used to train its AI models.

(The rest of the article is behind a paywall, but not the search tool.)

Still…interesting.

Searching my name yields 199 results: all of my books in different versions, plus a bunch of shorter items.

Posted on March 21, 2025 at 2:26 PM • 0 Comments

1 day, 16 hours ago @ schneier.com
NCSC Releases Post-Quantum Cryptography Timeline

1 day, 23 hours ago @ schneier.com
Critical GitHub Attack

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories.

The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have originated from an earlier breach of the “reviewdog/action-setup@v1” GitHub Action, according to a report.

[…] CISA confirmed the vulnerability has been patched in version 46.0.1.

Given that the utility is used by more than 23,000 GitHub repositories, the scale of potential impact has raised significant alarm throughout the developer community.

2 days, 19 hours ago @ schneier.com
Is Security Human Factors Research Skewed Towards Western Ideas and Habits?

Really interesting research: “How WEIRD is Usable Privacy and Security Research?” by Ayako A. Hasegawa, Daisuke Inoue, and Mitsuaki Akiyama. Abstract: In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from WEIRD (Western, Educated, Industrialized, Rich, and Democratic) countries.

The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields.

We found that the skew toward WEIRD countries in UPS is greater than that in HCI.

Geographic and linguistic barriers in the stud…

4 days, 23 hours ago @ schneier.com
Improvements in Brute Force Attacks

New paper: “GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3.” Abstract: Key lengths in symmetric cryptography are determined with respect to the brute force attacks with current technology.

While nowadays at least 128-bit keys are recommended, there are many standards and real-world applications that use shorter keys.

In order to estimate the actual threat imposed by using those short keys, precise estimates for attacks are crucial.

In this work we provide optimized implementations of several widely used algorithms on GPUs, leading to interesting insights on the cost of brute force attacks on several real-world applica…

5 days, 19 hours ago @ schneier.com
Friday Squid Blogging: SQUID Band

1 week, 1 day ago @ schneier.com
Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025.

I’m speaking at the University of Toronto’s Rotman School of Management in Toronto, Ontario, Canada, on April 3, 2025.

The list is maintained on this page.

Posted on March 14, 2025 at 12:03 PM • 1 Comments

1 week, 1 day ago @ schneier.com
TP-Link Router Botnet

There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically.

This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks.

The flaw is also linked to the Condi and AndroxGh0st malware attacks.

[…] Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and tec…

1 week, 2 days ago @ schneier.com
RIP Mark Klein

1 week, 2 days ago @ schneier.com
China, Russia, Iran, and North Korea Intelligence Sharing

1 week, 3 days ago @ schneier.com
Silk Typhoon Hackers Indicted

Lots of interesting details in the story: The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security who allegedly worked with them, and two other alleged hackers who are said to be part of the Chinese hacker group APT27, or Silk Typhoon, which prosecutors say was involved in the US Treasury breach late last year.

[…] According to prosecutors, the group as a whole has targeted US state and federal agencies, foreign ministries of countries across Asia, Chinese dissidents, US-based media ou…

1 week, 4 days ago @ schneier.com
Thousands of WordPress Websites Infected with Malware

1 week, 6 days ago @ schneier.com
Friday Squid Blogging: Squid Loyalty Cards

2 weeks, 1 day ago @ schneier.com
Rayhunter: Device to Detect Cellular Surveillance

2 weeks, 1 day ago @ schneier.com
Krebs On Security
last post: 1 day, 15 hours ago
Arrests in Tap-to-Pay Scheme Powered by Phishing

How are these China-based phishing groups obtaining stolen payment card data and then loading it onto Google and Apple phones?

“I would be shocked if this wasn’t the NFC relay app,” Merrill said, concerning the arrested suspects in Tennessee.

ABC10 reported that while most of those transactions were declined, the suspects still made off with $1,400 worth of gift cards.

In other words, the phishing websites are powered by real human operators as long as new messages are being sent.

For more on how these China-based mobile phishing groups operate, check out How Phished Data Turns Into Apple and Google Wallets.

1 day, 15 hours ago @ krebsonsecurity.com
DOGE to Fired CISA Staff: Email Us Your Personal Data

A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections.

On March 13, a Maryland district court judge ordered the Trump administration to reinstate more than 130 probationary CISA employees who were fired last month.

The message in the screenshot above was removed from the CISA homepage Tuesday evening and replaced with a much shorter notice directing former CISA employees to contact a specific email address.

The White House press secretary told The Times that Starlink had “donated” the service and that the gift had been vetted by t…

3 days, 9 hours ago @ krebsonsecurity.com
ClickFix: How to Infect Your PC in Three Easy Steps

ClickFix attacks mimic the “Verify You are a Human” tests that many websites use to separate real visitors from content-scraping bots.

In November 2024, KrebsOnSecurity reported that hundreds of hotels that use booking.com had been subject to targeted phishing attacks.

Earlier this month, the security firm Arctic Wolf warned about ClickFix attacks targeting people working in the healthcare sector.

The company said those attacks leveraged malicious code stitched into the widely used physical therapy video site HEP2go that redirected visitors to a ClickFix prompt.

Alas, the email security vendor Proofpoint has documented plenty of ClickFix attacks via phishing emails that include HTML attachm…

1 week, 1 day ago @ krebsonsecurity.com
Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.

Two of the zero-day flaws include CVE-2025-24991 and CVE-2025-24993, both vulnerabilities in NTFS, the default file system for Windows and Windows Server.

Microsoft credits researchers at ESET with reporting the zero-day bug labeled CVE-2025-24983, an elevation of privilege vulnerability in older versions of Windows.

However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016.

This month’…

1 week, 4 days ago @ krebsonsecurity.com
Alleged Co-Founder of Garantex Arrested in India

Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations.

On March 7, the U.S. Department of Justice (DOJ) unsealed an indictment against Besciokov and the other alleged co-founder of Garantex, Aleksandr Mira Serda, 40, a Russian national living in the United Arab Emirates.

Since those penalties were levied, Garantex has processed more than $60 billion, according to the blockchain analysis company Elliptic.

Mira Serda is allegedly Garantex’s co-founder and chief commercial officer.

Federa…

1 week, 4 days ago @ krebsonsecurity.com
Feds Link $150M Cyberheist to 2022 LastPass Hacks

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022.

“Since we initially disclosed this incident back in 2022, LastPass has worked in close cooperation with multiple representatives from law enforcement,” LastPass said in a written statement.

But on Nov. 30, 2022, LastPass notified customers about another, far more serious security incident that the company said leveraged data stolen in the August breach.

Researchers found that many of the cyberheist victims had chosen master passw…

2 weeks, 1 day ago @ krebsonsecurity.com
Who is the DOGE and X Technician Branden Spikes?

It is difficult to find another person connected to DOGE who has stronger ties to Musk than Branden Spikes.

In 2012, Spikes launched Spikes Security, a software product that sought to create a compartmentalized or “sandboxed” web browser that could insulate the user from malware attacks.

In 2016, Spikes Security was merged with another security suite called Aurionpro, with the combined company renamed Cyberinc.

The photo of Branden and Natalia above is from one such event in 2011 (tied to russianwhitenights.org, another Haldeman domain).

The Russian Heritage Foundation and the California Russian Association both promote the interests of the Russian Orthodox Church.

2 weeks, 2 days ago @ krebsonsecurity.com
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.

Kaspersky began selling antivirus and security software in the United States in 2005, and the company’s malware researchers have earned accolades from the security community for many important discoveries over the years.

But in September 2017, the Department of Homeland Security (DHS) barred U.S. federal agencies from using Kaspersky software, mandating its removal within 90 days.

A second story claimed that Israeli spies caught Russian government hacke…

3 weeks, 1 day ago @ krebsonsecurity.com
U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world’s largest corporations.

AT&T reportedly paid a hacker $370,000 to delete stolen phone records.

In several posts to an English-language cybercrime forum in November, Kiberphant0m leaked some of the phone records and threatened to leak them all unless paid a ransom.

The government states that Kiberphant0m privately demanded $500,000 from Victim-1, threatening to release all of the stolen phone records unless he was paid.

Days after he apparently finished communicating with Country-1’s military intelligence service, Wagenius Googled, ‘can ha…

3 weeks, 3 days ago @ krebsonsecurity.com
Trump 2.0 Brings Cuts to Cyber, Consumer Protections

The Trump administration has fired at least 130 employees at the federal government’s foremost cybersecurity body — the Cybersecurity and Infrastructure Security Agency (CISA).

APPOINTMENTS: Trump’s efforts to grab federal agencies by their data has seen him replace career civil servants who refused to allow DOGE access to agency networks.

NextGov notes that the National Security Agency suspended her clearance in 2021, although the exact reasons that led to the suspension and her subsequent leave were classified.

DarkReading reports that Cairncross would share responsibility for advising the president on cyber matters, along with the director of cyber at the White House National Security Coun…

3 weeks, 6 days ago @ krebsonsecurity.com
How Phished Data Turns into Apple & Google Wallets

Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers.

After all, most one-time codes used for mobile wallet provisioning are generally only good for a few minutes before they expire.

Experts say the continued reliance on one-time codes for onboarding mobile wallets has fostered this new wave of carding.

Both companies could easily tell which of their devices suddenly have 7-10 different mobile wallets added from 7-10 different people around the world.

They could also recommend that financial institutions use more secure authentication methods for mobile wallet provisioning.

1 month ago @ krebsonsecurity.com
Nearly a Year Later, Mozilla is Still Promoting OneRep

In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies.

Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership with the company.

But nearly a year later, Mozilla is still promoting it to Firefox users.

Mozilla offers Onerep to Firefox users on a subscription basis as part of Mozilla Monitor Plus.

Several readers have shared emails they received from Radaris after attempting to remove their personal data, and those messages show Radaris has been promoting Onerep.

1 month, 1 week ago @ krebsonsecurity.com
Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

This patch should be a priority for enterprises, as Microsoft says it is being exploited, has low attack complexity, and no requirements for user interaction.

One vulnerability patched today that was publicly disclosed earlier is CVE-2025-21377, another weakness that could allow an attacker to elevate their privileges on a vulnerable Windows system.

“Accordingly, Microsoft assesses exploitation as more likely.” The SANS Internet Storm Center has a handy list of all the Microsoft patches released tod…

1 month, 1 week ago @ krebsonsecurity.com
Teen on Musk’s DOGE Team Graduated from ‘The Com’

“I don’t think there’s a lot of money to be made in the com,” Rivage lamented.

2025-02-05 16:29:44 UTC vperked#0 they got this nigga on indiatimes man
2025-02-05 16:29:46 UTC alexaloo#0 Their cropping is worse than AI could have done
2025-02-05 16:29:48 UTC hebeatsme#0 bro who is that
2025-02-05 16:29:53 UTC hebeatsme#0 yalla re talking about
2025-02-05 16:29:56 UTC xewdy#0 edward
2025-02-05 16:29:56 UTC .yarrb#0 rivagew
2025-02-05 16:29:57 UTC vperked#0 Rivarge
2025-02-05 16:29:57 UTC xewdy#0 diamondcdm
2025-02-05 16:29:59 UTC vperked#0 i cant spell it
2025-02-05 16:30:00 UTC hebeatsme#0 rivage
2025-02-05 16:30:08 UTC .yarrb#0 yes
2025-02-05 16:30:14 UTC hebeatsme#0 i have him added
2025-02-05 16:30:2…

1 month, 1 week ago @ krebsonsecurity.com
Experts Flag Security, Privacy Risks in DeepSeek AI App

DeepSeek’s rapid rise caught the attention of the mobile security firm NowSecure, a Chicago-based company that helps clients screen mobile apps for security and privacy threats.

In a teardown of the DeepSeek app published today, NowSecure urged organizations to remove the DeepSeek iOS mobile app from their environments, citing security concerns.

Hoog told KrebsOnSecurity there were a number of qualities about the DeepSeek iOS app that suggest the presence of deep-seated security and privacy risks.

Perhaps more concerning, NowSecure said the iOS app transmits device information “in the clear,” without any encryption to encapsulate the data.

“The DeepSeek iOS app globally disables App Transpo…

1 month, 2 weeks ago @ krebsonsecurity.com
Graham Cluley
last post: 2 days, 16 hours ago
BlackLock ransomware: What you need to know

2 days, 16 hours ago @ tripwire.com
Smashing Security podcast #409: Peeping perverts and FBI phone calls

In episode 409 of the “Smashing Security” podcast, we uncover the curious case of the Chinese cyber-attack on Littleton’s Electric Light Company, and a California landlord’s hidden camera scandal.

Find out about this, and more, in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

2 days, 21 hours ago @ grahamcluley.com
Supply-chain CAPTCHA attack hits over 100 car dealerships

A security researcher has discovered that the websites of over 100 car dealerships have been compromised in a supply-chain attack that attempted to infect the PCs of internet visitors.

As researcher Randy McEoin explains in a blog post, cybercriminals infected the systems of LES Automotive, a company which provides video services to help car dealerships market vehicles online.

Press Windows Button "Windows" + R 2.

And this is what is somewhat ingenious, because the malicious hackers have cleverly waltzed around the protection of traditional security tools.

If a PC is unfortunate enough to become infected by SectopRAT, malicious hackers can steal sensitive data from the infected computer s…

3 days, 1 hour ago @ bitdefender.com
The AI Fix #42: AIs with anxiety, and why AIs don’t know what happened

Graham wonders if AIs have feelings, and Mark introduces Graham to the reversal curse and explains why AIs don’t know what happened.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircle. Hosts: Graham Cluley: @grahamcluley.com, @[email protected]; Mark Stockley: @ai-fix-mark.bsky.social. Episode links: Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more informati…

4 days, 18 hours ago @ grahamcluley.com
Mandatory Coinbase wallet migration? It’s a phishing scam!

An ingenious phishing scam is targeting cryptocurrency investors, by posing as a mandatory wallet migration.

The emails, which have the subject line "Migrate to Coinbase wallet", have been sent out at a large scale, claiming that a court order has forced Coinbase to change the way it operates.

Coinbase will operate as a registered broker, allowing purchases, but all assets must move to Coinbase Wallet."

Recipients are urged to download the Coinbase Wallet app, and import the sequence of words into it - creating a new wallet for their funds.

The attacker can then plunder the account for NFTs and cryptocurrency, transferring them into a wallet that they solely control.

5 days, 2 hours ago @ bitdefender.com
Free file converter malware scam “rampant” claims FBI

That's the warning that has been issued by the FBI, whose Denver Field Office raised the alarm about the danger of boobytrapped file-conversion tools being used to spread malware.

Marvin Massey, an assistant special agent at the FBI's Denver field office, told the media that the scam has become "rampant" across the United States, and that an incident was recorded within the Denver Metro area in the last two weeks.

According to the FBI, many victims are not aware that their computers have become infected until it is too late.

"The best way to thwart these fraudsters is to educate people so they don't fall victim to these fraudsters in the first place," said FBI Denver Special Agent in Charge …

6 days, 1 hour ago @ bitdefender.com
Borked Chromecasts are beginning to receive their update – just hope you didn’t do a factory reset

Leaving your 'cast powered on and connected to the 'net should be enough to pick up the fix.

The firmware update shifts the devices over to a new Google-owned certificate authority, with an expiry date of 2045.

Which means Chromecast users should have an extra 20 years to finish the binge of their favourite Netflix series, huzzah!

The news can't have come too soon for the many Chromecast users who have found themselves unable to stream their favourite TV shows, movies, and other media.

Many users have expressed their annoyance with Google about the length of time it has taken the tech giant to contact affected users.

6 days, 1 hour ago @ bitdefender.com
Chromecast chaos – 2nd gen devices go belly-up as Google struggles to fix certificate issue

Many users of second-generation Chromecast and Chromecast Audio streaming devices have discovered that their beloved dongles have gone belly-up and are showing error messages such as: "Untrusted device: [name] couldn't be verified.

Why, do a factory reset of course!

Stop right there - because Google is advising Chromecast owners to not make the mistake of thinking that performing a factory reset on their Chromecasts will fix the issue.

According to a report in The Verge, some Chromecast users have received an apology email from Google for the inconvenience: We’re contacting you because of a disruption affecting Chromecast (2nd gen) and Chromecast Audio devices.

I think it's safe to predict tha…

1 week, 2 days ago @ bitdefender.com
Medusa ransomware: FBI and CISA urge organisations to act now to mitigate threat


1 week, 2 days ago @ tripwire.com
Smashing Security podcast #408: A gag order backfires, and a snail mail ransom demand

Find out about this, and more, in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Tripwire Enterprise – Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

1 week, 3 days ago @ grahamcluley.com
Man found guilty of planting infinite loop logic bomb on ex-employer’s system

In other words, if the company locked Lu out of its network, his logic bomb would lock everybody out.

Perhaps unwisely, Lu named his "kill switch" code "IsDLEnabledinAD" (an abbreviation for "Is Davis Lu enabled in Active Directory").

Sure enough, Lu's code activated automatically on September 9, 2019, when his employment was terminated, impacting thousands of Eaton's staff around the world.

Investigators found the code for Lu's malicious Java program on an internal Kentucky-based development server, and evidence that it was his user account that had been used to execute the malicious code on the company's production systems.

Nickolas Sharp was one of the Ubiquiti staff assigned to investigate…

1 week, 3 days ago @ bitdefender.com
The AI Fix #41: Can AIs be psychopaths, and why we should be AI optimists

News and views from the world of artificial intelligence.

In episode 41 of the AI Fix, our hosts learn that society needs to be completely reordered by December, Grok accuses Trump of being a Russian asset, Graham discovers that parents were wrong about computer games all along, and Mark wonders if a kung-fu kicking robot from Unitree is the hero that we need.

Graham gives an AI a Rorschach test and learns about “Norman” the psychopathic AI, and Mark discovers why we should actually be optimistic about AI.

Follow us: Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

Follow Graham Clule…

1 week, 4 days ago @ grahamcluley.com
Webinar: Credential security in the age of AI: Insights for IT leaders

Fireside chat with Graham Cluley about credential security in the age of AI. Make a note in your diary.

On Tuesday, March 18 2025, at 1pm EST, I will be joining the experts at Dashlane for an online chat all about credential security in the age of AI.

Here is the blurb: The credential security landscape is at a breaking point.

Join cybersecurity expert Graham Cluley and Dashlane CTO Frederic Rivain as they discuss AI’s impact on credential security and share valuable insights from our new State of Credential Security Report, including: how AI impacts phishing and credential risks; how credential security puts a burden on IT leaders and teams; how to address the weaknesse…

1 week, 5 days ago @ grahamcluley.com
Smashing Security podcast #407: HP’s hold music, and human trafficking

Journey with us to Myanmar’s shadowy scam factories, where trafficked workers are forced to run romance-baiting and fake tech support scams, and find out why a company’s mandatory hold time for tech support could lead to innocent users having their computers compromised.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Support the show: Sponsored by: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our we…

2 weeks, 3 days ago @ grahamcluley.com
Cactus ransomware: what you need to know


2 weeks, 3 days ago @ tripwire.com
Companies 🏢
Kaspersky Blog
last post 2 days ago
Fog ransomware group publishes victims' IP addresses | Kaspersky Blog

Recently, experts from Kaspersky's Global Research and Analysis Team (GReAT) noticed that after attacks by the Fog ransomware, the criminals publish not only the victims' stolen data but also the IP addresses of the affected computers.

We had not previously seen this tactic from ransomware operators.

Fog attacks have been carried out against companies in the education, finance and leisure sectors.

Why publish the victims' IP addresses? Our experts believe that the main goal of publishing IP addresses is to increase psychological pressure on the victims.

This, in turn, makes the consequences of publication even more unpleasant and therefore serves as an additional means of intimidation.

2 days ago @ kaspersky.ru
Kaspersky for Linux extends protection for home users | Kaspersky Blog

Great news for all Linux users: our consumer product line now includes the Kaspersky for Linux security solution.

Kaspersky for Linux supports the common key distributions: Ubuntu, ALT Linux, Uncom and RED OS (64-bit versions).

Then download the installation files for your version of Linux: Kaspersky for Linux is distributed as DEB and RPM packages.

At present, the set of features available to Kaspersky for Linux users does not depend on whether you hold a Kaspersky Standard, Kaspersky Plus or Kaspersky Premium subscription.

You can try the full functionality of Kaspersky for Linux free of charge as part of a trial…

3 days, 4 hours ago @ kaspersky.ru
New Arcane stealer spreads disguised as Minecraft cheats | Kaspersky Blog

In late 2024 our experts discovered a new stealer, Arcane, which is able to collect a wide variety of data from an infected device.

The attackers went further and released a loader, ArcanaLoader, which supposedly downloads cheats, cracks and other "goodies" for gamers but actually infects the device with the Arcane stealer.

How the Arcane stealer is distributed. The malicious campaign in which we discovered the Arcane stealer was active even before the stealer itself appeared.

Its functionality boiled down to running PowerShell to download another password-protected archive containing two executables: a miner and the VGS stealer.

In other words, Arcane mainly targets Russian-speaking gamers.

4 days ago @ kaspersky.ru
AI technologies in the KUMA SIEM system | Kaspersky Blog

So in this article I will focus exclusively on the technologies that make life easier for a SIEM analyst working with Kaspersky Unified Monitoring and Analysis (KUMA).

As a result, the analyst receives a brief summary that lets them make an accurate and quick incident-response decision, which helps improve the effectiveness of the security team as a whole.

At the moment this feature works only in Russian, but during 2025 we plan to add the technology to the global version of the solution as well.

The analyst also has access to other data from Kaspersky Threat Intelligence, including data produced using artificial intelligence and big da…

4 days, 20 hours ago @ kaspersky.ru
Supply-chain attack via a GitHub Action | Kaspersky Blog

The attack that took place on March 14 is in a different league: the attackers compromised the popular GitHub Action tj-actions/changed-files, which is used in more than 23,000 repositories.

They can be triggered by certain events in GitHub, such as commits.

On March 15, a day after the incident was discovered, GitHub removed the changed-files action; during that time, CI/CD pipelines built on it may have stopped working.

Priority should go to repositories whose CI logs are public, and then to private repositories.

Importantly, the requirements for careful handling of secrets apply not only to the project's source code but also to its build processes.

5 days, 20 hours ago @ kaspersky.ru
Are the Android SafetyCore and Android System Key Verifier apps safe? | Kaspersky Blog

Since February, many users have complained that an app called Android System SafetyCore suddenly appeared on their Android smartphones.

The app's purpose is described vaguely: "Provides the technology for features such as Sensitive Content Warnings in Google Messages".

SafetyCore runs on the device and sends neither photos nor information about photos to external servers.

The user has to tap the image and confirm that they really want to see the nudity, and only then does the blur disappear.

Besides SafetyCore, an app called Android System Key Verifier may appear on the phone just as suddenly.

1 week, 2 days ago @ kaspersky.ru
Key vulnerabilities from Microsoft's March update | Kaspersky Blog

Four of these vulnerabilities are related to file systems, and three of them share the same trigger, which may indicate their use together in a single attack.

File system vulnerabilities. Two of the NTFS vulnerabilities allow attackers to gain access to parts of the heap, that is, the dynamically allocated memory of applications.

The last vulnerability on the actively exploited list, CVE-2025-26633 (also CVSS 7.0), allows bypassing the security mechanisms of the Microsoft Management Console.

And one more zero-day. Besides the six vulnerabilities seen in real-world attacks, the Microsoft update also closes CVE-2025-26630 in Microsoft Access, which so far…

1 week, 4 days ago @ kaspersky.ru
What happens if fraudsters hack your Gosuslugi account | Kaspersky Blog

I'm glad that even in such a stressful situation I realised that not everything needs to be done at the instruction of a caller.

Don't contact the Central Bank, even if the caller says you must. Next, the second-line operator said that we urgently needed to check whether the fraudsters had managed to take out loans in my name.

Hang up, they're fraudsters!", and I would surely have hung up.

Now I understand that I should have gone to the police immediately after realising that my Gosuslugi account had been hacked.

And if not to the police, then at least to the nearest MFC office.

1 week, 4 days ago @ kaspersky.ru
Update your VMware ESXi products | Kaspersky Blog

On March 4, Broadcom released emergency updates to fix three vulnerabilities, CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226, which affect several VMware products, including ESXi, Workstation and Fusion.

Which bugs VMware fixed. The most serious vulnerability, CVE-2025-22224 in VMware ESXi and Workstation, received a CVSS rating of 9.3.

CVE-2025-22225 in VMware ESXi (CVSS 8.2) lets an attacker write arbitrary code into kernel memory (arbitrary kernel write), so it too implies a sandbox escape.

VMware ESXi, Workstation and Fusion are affected by this vulnerability.

They have repeatedly attacked ESXi environments in the past (RansomExx, ESXiArgs, Clop and so on).

1 week, 5 days ago @ kaspersky.ru
How to store cryptocurrency after the Bybit hack | Kaspersky Blog

How Bybit was robbed. Like all major crypto exchanges, Bybit uses multi-layered protection for the cryptocurrency it holds.

But the logic bomb in it fired only if the sender's address matched Bybit's; in all other cases Safe{Wallet} worked as usual.

Immediately after the withdrawal of funds from the Bybit wallet was complete, the code on the Safe{Wallet} site was presumably swapped back to the harmless version.

The Bybit case is not an exception. The FBI officially stated that the heist was the work of a North Korean group codenamed TraderTraitor.

Before the Bybit raid, the group's record was the theft of $540 million from the Ronin Networks blockchain, linked to the game Axie Infinity.

2 weeks, 2 days ago @ kaspersky.ru
Attackers spread trojans disguised as DeepSeek and Grok clients for Windows | Kaspersky Blog

How exactly the cybercrooks operate and how to work with AI safely: read on in this article.

The difference lies in how and what the attackers distributed through these sites.

As a result, they gain the ability to connect remotely to the victim's computer, while the victim is left without even a DeepSeek client as consolation… Incidentally, no such client exists for Windows at all.

Meanwhile, the post recommending the fake DeepSeek site gathered 1.2 million views and more than a hundred reposts.

]com, as well as with… v3-deepseek[.]com!

2 weeks, 3 days ago @ kaspersky.ru
Attackers spread a miner disguised as tools for bypassing internet blocks | Kaspersky Blog

They are actively spreading malware disguised as software for bypassing blocks, and they do so by blackmailing bloggers.

Such programs spread organically: an enthusiast wrote the code, showed it to friends, published a video on the subject, and voilà!

The blogger published several videos with instructions on bypassing blocks, adding a link to the malicious archive in the description.

According to the counter on the site itself, at the time of the research the bypass tool had been downloaded at least 40,000 times.

The point is that the cybercrooks filed complaints against videos with block-bypassing instructions in the name of the developers of that software.

2 weeks, 4 days ago @ kaspersky.ru
Technology for checking QR codes for phishing | Kaspersky Blog

That is why attackers turned their attention to QR code technology.

Moreover, in this case a request to enter a work login and password, which is what the attackers are actually after, raises fewer suspicions.

So our developers created a tool that extracts the URLs contained in QR codes and passes them on for further checking by the anti-phishing modules and anti-spam heuristics.

The technology not only extracts URLs from a QR code placed in an image, but also checks PDF files, extracting all links from all the codes found in them.

If a link is deemed phishing, the email is assigned the "phishing" category and is then processed according to the sett…

2 weeks, 4 days ago @ kaspersky.ru
How to convert files safely | Kaspersky Blog

Let's look together at the threats awaiting those who like to convert files quickly, free and online, and explain how to change formats safely.

How to convert files locally. The safest way to convert files is locally, that is, on your own device and without using third-party websites.

On Windows, text documents can also be converted in WordPad, the built-in Windows editor, although it understands significantly fewer file types.

All the converters listed above are free and open-source software (FOSS) and support at least the most popular operating systems: Windows, macOS and Linux.

The point is that files of many formats are nothing more than… a compressed folder with…

2 weeks, 5 days ago @ kaspersky.ru
Google OAuth: an attack via abandoned domains | Kaspersky Blog

In reality, however, this is not the case: signing in with Google OAuth relies on a fairly primitive check.

As a rule, it boils down to the user having access to an email address tied to the organisation's Google Workspace.

Dylan Ayrey, who discovered this vulnerability in Google OAuth (he also found the previous one, involving phantom accounts), set out to demonstrate the seriousness of the potential consequences.

According to the researcher, Google promised to fix the Google OAuth vulnerability he discovered at some point, but did not specify exactly how they intend to do so.

For all that, protecting against an attack through the Google OAuth vulnerability is quite simple; there are two non-mutually-exclu…

3 weeks, 1 day ago @ kaspersky.ru
Group-IB Blog
last post: None
Cisco Security Blog
last post 2 days, 23 hours ago
Cisco Introduces the State of AI Security Report for 2025: Key Developments, Trends, and Predictions in AI Security

That’s why we’re excited to introduce our inaugural State of AI Security report.

The State of AI Security report examines several AI-specific attack vectors including prompt injection attacks, data poisoning, and data extraction attacks.

Original AI Security Research. The Cisco AI security research team has led and contributed to several pieces of groundbreaking research which are highlighted in the State of AI Security report.

The State of AI Security report outlines several actionable recommendations, including managing security risks throughout the AI lifecycle, implementing strong access controls, and adopting AI security standards such as the NIST AI Risk Management Framework and MITRE A…

2 days, 23 hours ago @ blogs.cisco.com
Redefining Security Management in a Hyperconnected World

Cisco is bringing Secure Workload, Secure Access, and AI Defense into Security Cloud control, enhancing its capabilities and providing comprehensive management.

4 days, 23 hours ago @ blogs.cisco.com
The Quantum Sky Is Falling! Understanding the Quantum Threat to Network Security

Unlike selective upgrades of network devices based on which features are needed in the field, the quantum security threat would require all devices to be upgraded.

This kind of unique hardware integrity measure must also be made Quantum safe to maintain the same level of trust in the Quantum Computing era.

Lastly, in my previous blog post on Quantum threat to network security, the threat to transport protocol security was highlighted along with the available solutions from Cisco.

So far, the solutions to address the threat to key negotiation were centered around various forms of Quantum Key Distribution methods.

Cisco is actively working on Quantum Safe Security solutions and is also inv…

1 week, 3 days ago @ blogs.cisco.com
Unyielding Defense: Cisco Firewall Achieves AAA Rating From SE Labs

Enter Cisco Secure Firewall 4225, which demonstrated exceptional performance in SE Labs’ rigorous Advanced Security Test, scoring 100% in protection accuracy.

In all cases with Cisco Secure Firewall, threats could not move beyond the earliest stage of the attack chain.

With three classified as unknown, and according to SE Labs’ weighting system, Secure Firewall achieved a rating of 91%.

This report follows our recent Best Next Generation Firewall Award from SE Labs for Cisco Secure Firewall, our second year in a row receiving this excellent recognition.

1 week, 4 days ago @ blogs.cisco.com
Canadian Bacon: Cloud Native & Security?

Now, leveraging a single cloud service provider may allow you to overcome this challenge, but these native security controls tend to lack advanced capabilities seen in traditional networks.

What defenders tend to do is leverage traditional skills and products from the data center and migrate that into the cloud service provider.

Cisco provides a mechanism that allows security practitioners and network operators to abstract the security elements from the cloud service provider.

This ensures cloud native capabilities are in place and the controls are consistent across all cloud service providers you may operate in.

Is it time to simplify cloud security without sacrificing security and the inher…

2 weeks, 5 days ago @ blogs.cisco.com
Cisco Live Melbourne SOC Report

For the second time at Cisco Live APJC, the team was tapped to support the Cisco Live Melbourne 2024 conference.

SOC Review. The Cisco Live Security Operations Centre (SOC) has a mandate to ensure access to event services is delivered securely.

Cisco Secure Network Analytics. Cisco Secure Network Analytics (formerly known as Stealthwatch Enterprise) provides full visibility across the conference network and uses advanced analytics to detect and respond to threats in real time.

In the Cisco Live SOC, XDR is used as the triage platform.

The Cisco Security Cloud app, which is published on the Splunk base app store, is a single app to get data from Cisco Security tools into Splunk.

3 weeks, 2 days ago @ blogs.cisco.com
Encryption and Beyond: Cisco’s Frontier in Cybersecurity Solutions

Before encryption, data was transmitted in plain text, making it vulnerable to interception by cybercriminals.

When it comes to encryption, 13.0% of TLS 1.3 traffic is leveraging post-quantum encryption techniques.

Cisco Secure Firewall helps keep encrypted traffic safe by utilizing cryptographic acceleration hardware, which allows it to inspect encrypted traffic at scale.

This intelligence is integrated into Cisco Secure Firewall, allowing for faster threat protection and improved visibility.

Decryptable Traffic Inspection. Decryption remains essential in cybersecurity despite analyzing encrypted traffic through metadata, such as packet size, timing, and destination patterns.

3 weeks, 3 days ago @ blogs.cisco.com
AI Threat Intelligence Roundup: February 2025

At Cisco, AI threat research is fundamental to informing the ways we evaluate and protect models.

This regular threat roundup shares useful highlights and critical intelligence from third-party threat research with the broader AI security community.

As always, please remember that this is not an exhaustive or all-inclusive list of AI threats, but rather a curation that our team believes is particularly noteworthy.

Notable threats and developments: February 2025. Adversarial reasoning at jailbreaking time. Cisco’s own AI security researchers at Robust Intelligence, in close collaboration with researchers from the University of Pennsylvania, developed an Adversarial Reasoning approach to automate…

3 weeks, 4 days ago @ blogs.cisco.com
Your Endpoint Is Secure Against AI Supply Chain Attacks

The bottom line is clear: organizations deeply care about trust in their AI Supply Chain.

Understanding AI Supply Chain Security. At Cisco, we’ve observed firsthand that while organizations worry about various AI security concerns like prompt injections and jailbreaks, their security instincts first react to risks in the AI Supply Chain.

AI Supply Chain Security encompasses the practices and measures designed to protect enterprises and applications throughout the AI development and deployment process.

It is a strategic imperative to allow access, but also a security imperative to block the use of malicious models.” Sarah Winslow, Director | PSEC Emerging Technologies & AI, Veradigm. Introducing…

1 month ago @ blogs.cisco.com
Meet the Cybersecurity Defender of 2025 for EMEA

Each year, Cisco makes a point of selecting and recognizing a standout cybersecurity advocate who has earned the title of cybersecurity defender.

This is why Cisco’s 2025 EMEA Cybersecurity Defender of the Year award goes out to a team of practitioners at SAP Enterprise Cloud Services (ECS) whose contributions displayed an uncommon ability to raise the bar for overall security posture.

Partnering with Cisco to Overcome SAP ECS Challenges

As one of the world’s leading deliverers of managed cloud services, SAP Enterprise Cloud Services can’t afford downtime.

For this reason, SAP Enterprise Cloud Service chose to partner with Cisco.

1 month ago @ blogs.cisco.com
Achieve Transformative Network Security With Cisco Hybrid Mesh Firewall

In the previous blog, we talked about our overall approach to zero trust with Universal ZTNA and Hybrid Mesh Firewall.

The Hybrid Mesh Firewall isn’t just a product, it’s a shift in how we approach network security.

The heart of the Cisco Hybrid Mesh Firewall is Cisco’s Security Cloud Control management system.

This solution reflects our vision of integrating AI security seamlessly within the Hybrid Mesh Firewall, providing enterprises with the confidence to advance their AI initiatives securely.

Bringing the Vision to Life

The Hybrid Mesh Firewall is the embodiment of Cisco’s commitment to redefining network security for the modern age.

1 month, 1 week ago @ blogs.cisco.com
Cisco and Wiz Collaborate to Enhance Cloud Security: Tackling AI-Generating Threats in Complex IT Infrastructures

A Growing Challenge in Cloud Security

In today’s fast-paced digital world, enterprises face a new urgency in cloud security.

Cisco and Wiz: Better Together

In response to this critical challenge, Cisco is excited to announce a strategic collaboration with Wiz, a leader in cloud security innovation.

Together, Cisco and Wiz aim to improve cloud security for enterprises that are contending with an evolving threat landscape marked by complexity and the introduction of new AI technology.

A Unified Vision for Secure Cloud Environments

Cisco and Wiz share a vision of enhancing cloud security with AI and for AI.

1 month, 1 week ago @ blogs.cisco.com
Fusing Security Into the Network Fabric: From Hybrid Mesh Firewalls to Universal ZTNA

This is where two emerging areas of innovation come into play: Hybrid Mesh Firewall and Universal ZTNA.

Hybrid Mesh Firewall: From Firewalls to “Firewalling”

So, let’s start by clearly defining what each of these are – starting with Hybrid Mesh Firewall.

A traditional definition of a Hybrid Mesh Firewall is a multi-deployment of virtual, physical, cloud native and container native firewalls with a unified management plane.

Truly Universal Zero Trust Network Access

What does it mean to achieve Universal Zero Trust Network Access?

Conclusion

In today’s digital landscape, the combination of Universal Zero Trust Network Access and Hybrid Mesh Firewalls offers a powerful defense strategy.

1 month, 1 week ago @ blogs.cisco.com
Quantum Key Distribution and the Path to Post-Quantum Computing

Today’s Quantum Safe Solutions

While the quantum threat remains in the future, tech companies, standards bodies, and government entities have sought its mitigation for some time.

QKD, SKIP, ETSI, and the Ability to Share Keys Between Endpoints

Cisco then turned its attention to creating quantum-safe network transport protocols.

SKIP is an API enabling network devices to obtain quantum safe keys from an external key management system, such as QKD.

Key issues to consider include: How well do specific QKD solutions work?

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

1 month, 2 weeks ago @ blogs.cisco.com
Cybersecurity for Businesses of All Sizes: A Blueprint for Protection

Network Security: Network security is all about keeping the connections between devices safe from threats.

Regular checks for vulnerabilities help identify weaknesses that could be exploited by cybercriminals, making it essential for maintaining a secure network.

Security Staffing: Having knowledgeable staff is key to a strong security strategy.

By maintaining detailed logs over an extended period, businesses can better investigate security incidents, understand their root causes, and improve their overall cybersecurity posture.

Check out our whitepaper, ‘Cybersecurity for businesses of all sizes: A blueprint for protection.’

1 month, 2 weeks ago @ blogs.cisco.com
Microsoft Security
last post 4 days, 19 hours ago
AI innovation requires AI security: Hear what’s new at Microsoft Secure

When you’re secure—innovation happens. But, the fast pace of AI often outpaces traditional security measures, leaving gaps that bad actors can take advantage of. As a security professional, you’re the hero in this battle between protecting vast amounts of data while ensuring AI systems remain transparent and compliant. What you need in this time of new threats and complexity in securing interconnected AI applications is a proactive, innovative approach to stay ahead. The post AI innovation requires AI security: Hear what’s new at Microsoft Secure appeared first on Microsoft Security Blog.

4 days, 19 hours ago @ techcommunity.microsoft.com
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft

Persistence mechanisms: Achieves persistence through the Windows service control manager (SCM) and uses watchdog threads to ensure self-reinstatement if removed.

These commands include system reboot, log clearing, credential theft, executing applications, and manipulating system windows.

Learn more

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To hear stories and insights from the Microsoft Threat Intelligence communit…

5 days, 18 hours ago @ microsoft.com
How MSRC coordinates vulnerability research and disclosure while building community

Microsoft uses a Coordinated Vulnerability Disclosure (CVD) process that recognizes security researchers while disclosing vulnerabilities in a responsible and timely manner.

In 2024, we announced expansions to several existing bounty programs, and launched a new Defender Bounty Program and AI Bounty Program.

This capability is part of our comprehensive strategy for vulnerability disclosure, which includes our Security Updates API and the human-readable vulnerability disclosures provided in the MSRC Security Update Guide.

More than 100 MAPP partners receive security vulnerability information from the MSRC in advance of Microsoft’s monthly security update release.

Also, follow us on LinkedIn …

1 week, 2 days ago @ microsoft.com
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware

A sample phishing email, purporting to be from a prospective guest.

Another sample phishing email, purportedly requiring the recipient to verify their Booking.com account.

In 2024, Storm-1865 targeted buyers using e-commerce platforms with phishing messages leading to fraudulent payment webpages.

Microsoft Defender Threat Intelligence

Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

To hear stories and insights from the Microsoft Threat Intelligenc…

1 week, 2 days ago @ microsoft.com
New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

Its enhanced obfuscation techniques extend to its randomized approach for generating payloads to infect Xcode projects and for encoding its payloads.

Its command-and-control (C2) server is also active as of this writing and is downloading additional modules.

The next section provides more information about the sub-modules the script downloads from the C2 server as of this writing.

It then stores the extension list in a log file named /tmp/out.txt and uploads this file to the C2 server.

Figure 11. zshrc persistence method

Dock method

In this persistence method, the sub-module first downloads a signed dockutil tool from the C2 server.

1 week, 4 days ago @ microsoft.com
Women’s History Month: Why different perspectives in cybersecurity and AI matter more than ever before

The event highlighted our different perspectives and talents which are invaluable to drive innovation and progress across various industries.

By incorporating individuals with varied perspectives, experiences, and approaches within the cybersecurity workforce, we can enhance problem-solving capabilities and strengthen strategic defenses.

Cybercriminals come from various cultures and backgrounds, bringing different perspectives.

Likewise, for AI, having different backgrounds and perspectives helps with AI safety and biases.

2 weeks, 2 days ago @ microsoft.com
Malvertising campaign leads to info stealers hosted on GitHub

In early December 2024, Microsoft Threat Intelligence detected a large-scale malvertising campaign that impacted nearly one million devices globally in an opportunistic attack to steal information.

These files can also open sensitive data files, indicating their role in facilitating post-exploitation activities.

Microsoft Defender XDR detections

Microsoft Defender XDR customers can refer to the list of applicable detections below.

Microsoft Defender Threat Intelligence

Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Micro…

2 weeks, 2 days ago @ microsoft.com
Silk Typhoon targeting IT supply chain

Recent Silk Typhoon activity

Supply chain compromise

Since late 2024, Microsoft Threat Intelligence has conducted thorough research and tracked ongoing attacks performed by Silk Typhoon.

In this reconnaissance activity, Silk Typhoon leveraged leaked corporate passwords on public repositories, such as GitHub, and successfully authenticated to the corporate account.

Historical Silk Typhoon zero-day exploitation

Since 2021, Silk Typhoon has been observed targeting and compromising vulnerable unpatched Microsoft Exchange servers, GlobalProtect Gateway on Palo Alto Networks firewalls, Citrix NetScaler appliances, Ivanti Pulse Connect Secure appliances, and others.

Learn more

For the latest secu…

2 weeks, 4 days ago @ microsoft.com
Securing generative AI models on Azure AI Foundry

New generative AI models with a broad range of capabilities are emerging every week.

Our AI platform offerings (Azure AI Foundry and Azure OpenAI Service) are 100% hosted by Microsoft on its own servers, with no runtime connections to the model providers.

You can read more about how to do that here: Securing DeepSeek and other AI systems with Microsoft Security.

Using Microsoft Security to secure AI models and customer data

In summary, the key points of our approach to securing models on Azure AI Foundry are: Microsoft carries out a variety of security investigations for key AI models before hosting them in the Azure AI Foundry Model Catalogue, and continues to monitor for changes that may im…

2 weeks, 4 days ago @ microsoft.com
Rethinking remote assistance security in a Zero Trust world

A multi-pronged approach to securing remote assistance with Zero Trust

For too long, remote assistance security has been presumed rather than intentionally designed into its architecture.

Discover how implementing Zero Trust can fortify your remote assistance security by visiting our Zero Trust Workshop, where you’ll find an interactive guide to embedding security into your IT operations.

Embedded security in remote assistance—building security into the very foundation of remote assistance tools, eliminating gaps that cyberattackers can exploit.

Remote Help: Secure remote assistance built for Zero Trust

As organizations work toward a Zero Trust model, secure remote assistance must align with …

3 weeks, 3 days ago @ microsoft.com
Microsoft at Legalweek: Help safeguard your AI future with Microsoft Purview

eDiscovery allows you to easily search, collect, and review AI-based interactions across more than 25 AI applications.

We are excited to share more about new developments across Microsoft Security at Legalweek 2025.

Connect with members of the Microsoft Intelligent Security Association

At Microsoft we truly believe security is a team sport.

From our signature Pre-Day to demos and networking, discover how Microsoft Security can give you the advantage you need in the era of AI.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

1 month ago @ microsoft.com
Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms

We are excited to announce that Gartner has named Microsoft a Leader in the 2025 Gartner® Magic Quadrant™ for Cyber Physical Systems Protection Platforms.

They span industrial control systems (ICS), OT devices, Internet of Things (IoT) devices, and more.

Microsoft Security Exposure Management is part of the unified security operations portal and provides a unified view of security posture across company assets and workloads.

The OT Security initiative improves your OT site security posture by monitoring and protecting OT environments in the organization, and employing network layer monitoring.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and upd…

1 month ago @ microsoft.com
Join us for the end-to-end Microsoft RSAC 2025 Conference experience

From our signature Pre-Day to hands-on demos and one-on-one meetings, join the Microsoft experience at RSAC 2025 designed just for you.

Explore events

Kick things off at Microsoft Pre-Day

The Microsoft experience at RSAC 2025 begins with Microsoft Pre-Day on Sunday, April 27, 2025, at the Palace Hotel, just around the corner from the Moscone Center.

For the fourth year running, the keynote speech held on Microsoft Pre-Day will kick off the full lineup of Microsoft events and activities throughout RSAC 2025.

By joining us on Sunday, you’ll have the chance to hear directly from Microsoft Security business leaders—including Vasu Jakkal, Corporate Vice President, Microsoft Security Business; Char…

1 month ago @ microsoft.com
Storm-2372 conducts device code phishing campaign

Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372.

In device code phishing, threat actors exploit the device code authentication flow.

Device code phishing attack cycle

Storm-2372 phishing lure and access

Storm-2372’s device code phishing campaign has been active since August 2024.

Legitimate device code authentication page

Additionally, Microsoft observed Storm-2372 using Microsoft Graph to search through messages of the account they’ve compromised.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat In…

1 month, 1 week ago @ microsoft.com
Securing DeepSeek and other AI systems with Microsoft Security

Microsoft Security provides threat protection, posture management, data security, compliance, and governance to secure AI applications that you build and use.

Customers today are building production-ready AI applications with Azure AI Foundry, while accounting for their varying security, safety, and privacy requirements.

With Azure AI Content Safety, built-in content filtering is available by default to help detect and block malicious, harmful, or ungrounded content, with opt-out options for flexibility.

For example, for high-risk AI apps, security teams can tag them as unsanctioned apps and block users’ access to the apps outright.

This is a quick overview…

1 month, 1 week ago @ microsoft.com
Google Online Security Blog
last post 5 days, 18 hours ago
Announcing OSV-Scanner V2: Vulnerability scanner and remediation tool for open source

In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR.

With guided remediation support for Maven, you can remediate vulnerabilities in both direct and transitive dependencies through direct version updates or overriding versions through dependency management.

We also introduced machine readable output for guided remediation that makes it easier to integrate guided remediation into your workflow.

VEX Support: We're planning to add support for Vulnerability Exchange (VEX) to facilitate better communication and collaboration around vulnerability information.

Try OSV-Scanner V2

You can try V2.0.0 and contribute to its ongoing developme…

5 days, 18 hours ago @ security.googleblog.com
Vulnerability Reward Program: 2024 in Review

Posted by Dirk Göhmann

In 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of $12 million to over 600 researchers based in countries around the globe across all of our programs.

Vulnerability Reward Program 2024 in Numbers

You can learn about who’s reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who’ve recently joined the ranks of Google bug hunters.

VRP Highlights in 2024

In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and rel…

2 weeks, 1 day ago @ security.googleblog.com
New AI-Powered Scam Detection Features to Help Protect You on Android

Scam Detection in Google Messages uses powerful Google AI to proactively address conversational scams by providing real-time detection even after initial messages are received.

You can turn off Spam Protection, which includes Scam Detection, in your Google Messages at any time.

Scam Detection in Google Messages is launching in English first in the U.S., U.K. and Canada and will expand to more countries soon.

Scam Detection for calls

More than half of Americans reported receiving at least one scam call per day in 2024.

If enabled, Scam Detection will beep at the start and during the call to notify participants the feature is on.

2 weeks, 4 days ago @ security.googleblog.com
Securing tomorrow's software: the need for memory safety standards

This includes memory-safe languages, now including high-performance ones such as Rust, as well as safer language subsets like Safe Buffers for C++.

In Android for example, the increasing adoption of memory-safe languages like Kotlin and Rust in new code has driven a significant reduction in vulnerabilities.

In this way, policymakers will gain the technical foundation to craft effective policy initiatives and incentives promoting memory safety.

Importantly, our vision for achieving memory safety through standardization focuses on defining the desired outcomes rather than locking ourselves into specific technologies.

The goal would be to objectively compare the memory safety assurance of diff…

3 weeks, 4 days ago @ security.googleblog.com
How we kept the Google Play & Android app ecosystems safe in 2024

Google Play’s multi-layered protections against bad apps

To create a trusted experience for everyone on Google Play, we use our SAFE principles as a guide, incorporating multi-layered protections that are always evolving to help keep Google Play safe.

Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source.

In 2024, Google Play Protect’s real-time scanning identified more than 13 million new malicious apps from outside Google Play.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls.

1 month, 3 weeks ago @ security.googleblog.com
How we estimate the risk from prompt injection attacks on AI systems

This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team.

One of these tools is a robust evaluation framework we have developed to automatically red-team an AI system’s vulnerability to indirect prompt injection attacks.

Threat model and evaluation framework

Our threat model concentrates on an attacker using indirect prompt injection to exfiltrate sensitive information, as illustrated above.

Based on this probability, the attack model refines the prompt injection.

This process repeats until the attack model converges to a successful prompt injection.

1 month, 3 weeks ago @ security.googleblog.com
Android enhances theft protection with Identity Check and expanded features

This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft.

As part of enabling Identity Check, you can designate one or more trusted locations.

Theft Detection Lock: expanding AI-powered protection to more users

One of the top theft protection features introduced last year was Theft Detection Lock, which uses an on-device AI-powered algorithm to help detect when your phone may be forcibly taken from you.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help …

1 month, 4 weeks ago @ security.googleblog.com
OSV-SCALIBR: A library for Software Composition Analysis

Today, we’re excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning.

We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface.

OSV-Scanner + OSV-SCALIBR

Users looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities using much of the same extraction as OSV-SCALIBR.

Some of OSV-SCALIBR’s capabilities are not yet available in OSV-Scanner, but we’re currently working on integrating OSV-SCALIBR more deeply into O…

2 months ago @ security.googleblog.com
Google Cloud expands vulnerability detection for Artifact Registry using OSV

Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage.

A significant benefit of utilizing Google Cloud Platform is its integrated security tools, including Artifact Analysis.

This integration provides industry-leading insights into open source vulnerabilities—a crucial capability as software supply chain attacks continue to grow in frequency and complexity, impacting organizations reliant on open source software.

Open source vulnerabilities, with more reach

Artifact Analysis pulls vulnerability information directly from OSV, which is the only open source, distributed vulnerability dat…

3 months, 1 week ago @ security.googleblog.com
Announcing the launch of Vanir: Open-source Security Patch Validation

Today, we are announcing the availability of Vanir, a new open-source security patch validation tool.

In collaboration with the Google Open Source Security Team, we have incorporated feedback from our early adopters to improve Vanir and make it more useful for security professionals.

These algorithms have low false-alarm rates and can effectively handle broad classes of code changes that might appear in code patch processes.

The Vanir signatures for Android vulnerabilities are published through the Open Source Vulnerabilities (OSV) database.

You can also contribute to Vanir by providing vulnerability data with Vanir signatures to OSV.

3 months, 2 weeks ago @ security.googleblog.com
Leveling Up Fuzzing: Finding more vulnerabilities with AI

But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets.

The ideal solution would be to completely automate the manual process of developing a fuzz target end to end: Drafting an initial fuzz target.

Running the corrected fuzz target for a longer period of time, and triaging any crashes to determine the root cause.

In January 2024, we open sourced the framework that we were building to enable an LLM to generate fuzz targets.

New results: More code coverage and discovered vulnerabilities

We’re now able to automatically gain more coverage in 272 C/C++ projects on OSS-Fuzz (up from 160), …

4 months ago @ security.googleblog.com
Retrofitting Spatial Safety to hundreds of millions of lines of C++

Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade.

[Figure: Breakdown of memory safety CVEs exploited in the wild by vulnerability class]

Google is taking a comprehensive approach to memory safety.

This leads to an exponential decline in memory safety vulnerabilities and quickly improves the overall security posture of a codebase, as demonstrated by our post about Android's journey to memory safety.

We’ve begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs.

This improves spat…

4 months, 1 week ago @ security.googleblog.com
Safer with Google: New intelligent, real-time protections on Android to keep you safe

That’s why we’re using the best of Google AI to identify and stop scams before they can do harm with Scam Detection.

Scam Detection is off by default, and you can decide whether you want to activate it for future calls.

Cutting-edge AI protection, now on more Pixel phones: Gemini Nano, our advanced on-device AI model, powers Scam Detection on Pixel 9 series devices.

We look forward to learning from this beta and your feedback, and we’ll share more about Scam Detection in the months ahead.

4 months, 1 week ago @ security.googleblog.com
5 new protections on Google Messages to help keep you safe

Every day, over a billion people use Google Messages to communicate.

That’s why we’ve made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month.

With end-to-end encrypted RCS conversations, you can communicate privately with other Google Messages RCS users.

We're committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private.

As part of cybersecurity awareness month, we're sharing five new protections to help keep you safe while using Google Messages on Android:

5 months ago @ security.googleblog.com
Safer with Google: Advancing Memory Safety

Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities.

Our Secure by Design commitment emphasizes integrating security considerations, including robust memory safety practices, throughout the entire software development lifecycle.

This post builds upon our previously reported Perspective on Memory Safety, and introduces our strategic approach to memory safety.

By open-sourcing these tools, we've empowered developers worldwide to reduce the likelihood of memory safety vulnerabilities in C and C++ codebases.

Migration to Memory-Safe Languages (MSLs)

The first pillar of our strategy is centered on further increasing the adoption of memory-s…

5 months, 1 week ago @ security.googleblog.com