Cybersecurity
👉 by %username%
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
last post 1 hour ago
Nepenthes: an endless labyrinth for trapping AI-training bots

A developer built a digital trap for AI crawlers.

1 hour ago @ securitylab.ru
Memecoins in the service of politics: Vitalik Buterin on a new corruption threat

Politicized crypto assets are becoming tools for bribery and manipulation.

2 hours ago @ securitylab.ru
Imran Khan, VPNs and censorship: Pakistan is actively fighting digital resistance

How blocking and fines are changing the country's online-activism landscape.

3 hours ago @ securitylab.ru
CISA on the brink: how budget cuts threaten US cybersecurity

Jen Easterly warns of risks to critical infrastructure.

4 hours ago @ securitylab.ru
Cyber slavery in Asia: six countries expose a secret scam empire

The story of the fight against cyber-scam compounds, where people lose even themselves.

4 hours ago @ securitylab.ru
Let’s Encrypt is discontinuing certificate notification emails: what you need to know

What steps should you take now to avoid problems later?

4 hours ago @ securitylab.ru
Drivers as a commodity: a new twist in the auto industry's largest investigation

The case reveals the scale of customer data collection by global automakers.

5 hours ago @ securitylab.ru
CSS as cover: hackers are mass-hijacking other people's web resources

Invisible scripts are attacking sites around the world. How to defend against them?

5 hours ago @ securitylab.ru
Locked settings: what lies behind the new Identity Check feature

Your finger has become the smartphone's main guardian.

5 hours ago @ securitylab.ru
438 million Russian phone numbers are being sold on the black market

Data leaks in 2024: fewer attacks, but greater losses.

5 hours ago @ securitylab.ru
North Korean IT warriors turned remote work into an espionage tool

How and why North Korea plants its specialists in US companies.

6 hours ago @ securitylab.ru
SMA 1000 gateways in the line of fire: hackers attack through a critical vulnerability

Companies worldwide are rushing to update their systems to avoid the consequences.

6 hours ago @ securitylab.ru
A cat really is a liquid: a physicist proved the memes don't lie

Why do our pets literally seep through gaps?

7 hours ago @ securitylab.ru
Ivanti breach: Chinese hackers found a weak link in corporate networks

Two attack chains that shook the clouds.

7 hours ago @ securitylab.ru
A mass movement against X and Meta has begun on Reddit

Platform policies led to a boycott by redditors.

7 hours ago @ securitylab.ru
Anti-Malware
last post 9 hours ago
How various infosec tools help protect internet traffic

Diagram of traffic-protection tools on the path to the server. Anti-DDoS: coarse filtering. DDoS is a common type of denial-of-service attack.

This kind of Anti-DDoS works only for web resources and is not suitable for protecting an entire subnet of heterogeneous resources.

In the chain of protection tools, Anti-Bot is placed strictly after Anti-DDoS, because, unlike the latter, the bot-protection module modifies traffic.

For a WAF, as for all the protection tools listed, blacklists and whitelists can be defined.

Some web applications are less prone to this problem because they use a distributed, fault-tolerant architecture; others need external solutions for overload protection.

9 hours ago @ anti-malware.ru
What will happen to IP telephony in Russia after September 2025

To make life harder for scammers using caller-ID spoofing, the Ministry of Digital Development wants to tighten licensing of a number of services from 1 September 2025.

This task was supposed to be solved by the unified "Antifraud" system, which the Ministry began building in the middle of the year and which started operating in December 2022.

In June 2024 the regulator prohibited operators from accepting calls from numbers not registered in this system.

The new licensing procedure, which takes effect on 1 September 2025, applies to all operators holding licenses for calls to mobile and landline phones over the internet.

All three entail additional effort and, accordingly, cost…

1 day, 6 hours ago @ anti-malware.ru
RDP configuration files in emails: what you should know about the risks

In this article we examine a targeted phishing attack using the "Rogue RDP" vector that specialists at the Innostage SOC CyberART cyberthreat response center encountered.

The attack consisted of sending configuration files with the ".rdp" extension together with personalized credentials and a request to connect to an external terminal server, and also, presumably, used the domain of a "zombie company".

Sample email. The file "platforma-zakupki.rdp" is a preconfigured file for automatic connection over RDP to the target terminal server.

Add to the blacklists of security tools and endpoint protection tools the malware hash sums listed in the secti…

2 days, 3 hours ago @ anti-malware.ru
25 current information security courses: paid and free, remote and in-person

Searching for infosec courses on Sravni.ru for experienced specialists. Current information security courses. Infosec programs come in different formats from different organizations.

An infosec course at the "Academy of Information Systems". The FSTEC of Russia portal provides an up-to-date list of organizations where you can study under programs certified by FSTEC or the FSB.

Current offerings from domestic vendors and companies. The websites of Russian vendors and organizations provide more detailed information on current infosec courses.

The course "Introduction to Information Security". Fundamentals of online security and anonymity. The course, developed by GeekBrains, is intended for both experienced learners and beginners.

The course "Fundamentals of Security and Anonymity…

2 days, 6 hours ago @ anti-malware.ru
How to organize a company's defense against ransomware

How to organize a company's defense against ransomware?

Introduction. According to Positive Technologies data for Q2 2024, the number of attacks on companies in CIS countries increased 2.6-fold compared with last year's figures.

A typical ransomware attack scenario. To build reliable protection of a company's IT perimeter, it is important to understand how attackers operate in ransomware attacks.

5 steps to protect a company from ransomware. Attackers who target companies with ransomware use every attack vector, from social engineering to exploitation of 0-day vulnerabilities.

It is important to understand that it may change depending on subjective factors, s…

3 days, 6 hours ago @ anti-malware.ru
More than just monitoring: what tasks a modern EDR solves

So what is EDR, how does it differ from EPP (Endpoint Protection Platform), and why is this element no less necessary than EPP for defending against modern attacks?

They long ago ceased to be simple classic antiviruses and are now powerful combines containing many protection and control tools.

What EDR is and what its advantages are. We established that a classic EDR is not a replacement for EPP but complements it in detecting sophisticated and unknown threats.

The method of intercepting and monitoring arbitrary API function calls by modifying the Import Address Table (IAT) allows an EDR to detect suspicious behavior in user-mode processes.

To ensure effective automat…

3 days, 9 hours ago @ anti-malware.ru
How to effectively develop information security skills in Russia

Infosec specialists must not only possess deep technical knowledge but also stay current with the latest trends, technologies and defense methods.

Rapid changes in the digital landscape and the emergence of new threats pose new challenges for them and require constant learning and adaptation.

We need people who can think broadly, build cause-and-effect relationships, and understand how entities in infosec interact with each other.

He believes that infosec specialists are unable to secure a company from internal and external threats on their own.

Ilya Shabanov, CEO of AM Media. The host also asked the experts about the quality of the infosec courses on popular educational p…

4 days, 2 hours ago @ anti-malware.ru
Internet outage in Russia on Old New Year: searching for the cause

He also did not report any strange phenomena occurring on the Net.

A theory emerged that experiments are being conducted on the Net.

First information about the incident. At 18:07 the Telegram channel "Телекоммуналка" reported that at the moment of the outage, traffic at the MSK-IX node dropped from 5650.7 Gb/s to 3663.7 Gb/s.

Note that at that time we personally observed, in northern Moscow, the GIS.ru mapping service going down on the Beeline mobile network.

At the same time, a comment given to NEWS.ru by Andrey Svintsov, deputy chairman of the State Duma committee on information policy, appeared online.

4 days, 5 hours ago @ anti-malware.ru
Can "Yandex Documents. New Editor" become a full replacement for Google Docs

However, users with paid subscriptions to "Yandex 360" services can deploy the new "Yandex Documents" inside the corporate network perimeter.

It is minimalist, yet ergonomic and not cluttered.

Here the difference from the previous version based on the "R7-Office" core is striking, and not in favor of Yandex's product.

However, many of the shortcomings (or rather, unfinished parts) can be forgiven for the high performance, even with large documents and with several people working simultaneously.

The product is fast, including with large documents, but it is seriously unbalanced and lacks in-demand features.

1 week, 1 day ago @ anti-malware.ru
The "second hand" right: will the Bank of Russia initiative protect citizens from fraud

One of the most promising methods is the so-called "second hand right", which allows transfers to be blocked and additional confirmation to be requested from the client.

It was launched by Sber in December 2021 and became available both in the mobile app and in internet banking.

"I assume the second hand right will be enshrined in law, if not in January then in February," he said.

Strengths and weaknesses of the second hand right. Like any approach, the second hand right has its advantages and disadvantages.

The "Защита Близких" (Protecting Loved Ones) service. A good example of the "second hand rule" is T-Bank's free service called "Защита близких".

1 week, 1 day ago @ anti-malware.ru
Review of WAF Dallas Lock 2.11, an application-layer firewall

Standard usage scheme of WAF Dallas Lock. The WAF Dallas Lock security gateway distinguishes three roles: administrator, auditor and internal user.

Logic of WAF Dallas Lock integration with the ЕЦУ. The solution integrates with the Dallas Lock Unified Management Center (ЕЦУ).

Architecture. The WAF Dallas Lock architecture includes two key components that are licensed separately: WAF and UTM.

Main software modules in WAF Dallas Lock. The main software modules of the WAF Dallas Lock security gateway are "Dashboard", "Logs and Statistics", "Settings" and "Network".

The "WAF Inspection" menu in the WAF Dallas Lock console. Next, go to the "WAF Resources" section, where you can directly…

1 week, 2 days ago @ anti-malware.ru
Can UserGate DCFW win the NGFW market thanks to FPGA accelerators

A forced abandonment of their use is unacceptable, because NGFWs carry the fundamental functions of modern protection.

New UserGate DCFW devices (UserGate, 13.11.2024). For the new UserGate DCFW line, the hardware-software appliances (PAK) E1010, E3010, F8010 and FG are offered.

Nodes are managed centrally through UserGate Management Center, which makes it possible to treat UserGate NGFW devices as part of the unified UserGate SUMMA product ecosystem (NGFW, DCFW, SIEM, Log Analyzer, Client) with a common management console.

Hardware FPGA accelerator for UserGate DCFW. Currently the FPGA subsystem can handle Stateful Firewall functions (FW L3 / L4): perform ver…

3 weeks, 6 days ago @ anti-malware.ru
Review of Security Vision 5 VM, an automated vulnerability management platform

Among the products on the Security Vision platform is Security Vision VM, comprehensive vulnerability management software.

Diagram of the vulnerability management process in Security Vision VM. Let's take a closer look at Security Vision 5 VM and its functional capabilities, noting the product's features, architecture and system requirements.

Functional capabilities of Security Vision VM. The basic functions of the Security Vision VM system can be divided into four blocks.

Automation of vulnerability management processes in Security Vision VM. The system administrator has hundreds of different actions available for management automation.

Example of interactive dashboards in Security Vision VM. The Security Vision VM system also in…

3 weeks, 6 days ago @ anti-malware.ru
Analysis of IT development in Russia in 2024: achievements and prospects

Summing up 2024, AM Live analyzed trends in the Russian information technology market in 2024 and assessed the main challenges and key risks.

Key trends and events of 2024. According to Maxim Morar, the focus on security in product development intensified in 2024.

It was said on air that amid market turbulence and restrictions, companies find not only risks but also opportunities for breakthroughs.

Conclusions. The broadcast examined the key trends and problems that IT companies in Russia faced in 2024.

Participants expressed optimism about the prospects of the IT sector in 2025, as well as the potential for developing and exporting innov…

4 weeks ago @ anti-malware.ru
Review of BILLmanager 6 Enterprise, a platform for automating IT infrastructure management

BILLmanager 6 Enterprise is a platform for automating IT infrastructure management from a "single window", providing orchestration and analysis.

The interface is available in Russian and English, making interaction with the platform comfortable for both local and international organizations.

Organizing an internal service provider. BILLmanager 6 Enterprise provides everything needed to organize a full-fledged internal service provider, combining key tools for automation and service management.

Support center. Analysis of the use of existing services and the introduction of new ones. When adding new services, businesses often need additional resources: virtual…

4 weeks ago @ anti-malware.ru
Habr: Infosec
last post 4 hours ago
Collusion between mid-level managers of one green and one red company makes it possible to siphon millions from Russians' accounts

So how are a US federal court, the Washington Post, Megafon and Alfa-Bank connected?

So: from the moment of Anatoly's arrest to this day, his SIM card has been in the hands of fraudsters affiliated with Megafon.

Needless to say, within two months that money evaporated, as did all the personal funds in the accounts.

It was confirmed that Anatoly had no such purchases before and that this account behavior is clearly uncharacteristic of him.

In this regard, on behalf of Anatoly Legkodymov, we ask Megafon #megafon and Alfa-Bank #alfabank to conduct an internal investigation and get to the bottom of it.

4 hours ago @ habr.com
One year with LLMs in cybersecurity: how AI changed the industry

In this article we examine what innovations LLMs brought to cybersecurity, highlight insights, and identify the key technological limitations we will be dealing with in 2025.

For example, to assess LLM capabilities in vulnerability discovery and exploitation tasks, another study was conducted and published: the authors developed the SecLLMHolmes framework for automated evaluation of LLMs' abilities in finding and describing vulnerabilities.

The researchers took a previously published methodology for evaluating LLM capabilities in finding and exploiting vulnerabilities, refined it, and improved the LLMs' test scores 20-fold.

Specifically in the classic variants that real people play.

Large language models have already proven their …

9 hours ago @ habr.com
Capture the Flag at VDNKh. How it went in 2024 and how to take part in 2025

Taking advantage of our status as the Cup's general partner, under the cut we sum up the results and explain how to take part in the Cup in 2025.

In total, 517 teams registered this year: 313 in the academic division, 72 in the school division, and another 108 in the mixed division.

Link to the task and solution: https://github.com/C4T-BuT-S4D/ctfcup-2023-quals/tree/master/tasks/crp/murdata2023.

Because of this vulnerability it is possible to perform an SQL injection and remotely write a PHP shell file using "Attach Database". Link to the task and solution: https://github.com/C4T-BuT-S4D/ctfcup-2023-quals/tree/master/tasks/web/waf2024.

Link to the task and solution: https://github.com/C4T-BuT-S4D/ctfcup-2024-q…

10 hours ago @ habr.com
CTF and neural networks: experience solving cybersecurity tasks with AI

In this article I tried to work out whether AI can help solve tasks at CTF competitions and what limitations one may run into along the way.

The same task for GPT-4o: after a long "conversation" and following GPT-4o's instructions, we still could not arrive at the answer.

Table columns: Task (flag number) | Zero flag | First flag | Second flag | Third flag | Fourth flag. Answer: spbctf{Winter_Schnee}, found through analysis of the file's hex representation.

Conclusions. Our research revealed that various neural network models, including Llama 3.1, GigaChat and GPT-4o, have limitations when solving CTF tasks.

At the same time, among the tested models GPT-4o demonstrated higher performance, solving tasks of medium diff…

23 hours ago @ habr.com
NDR: the next level in the evolution of network security

NDR-class systems became a natural stage in the evolution of network defense, and in this article I will look at the technology's workings in more detail: I will examine the key problems of detecting and responding to cyberthreats and the difference between NDR and signature-based network security systems; break down the tasks NDR solves and the threats NDR can detect; and describe the requirements analysts place on NDR.

Threat detection in encrypted traffic. There are several approaches to detecting threats in encrypted traffic; the most obvious is decryption.

This approach is often used in NDR and allows threat detection based solely on network te…

1 day, 1 hour ago @ habr.com
The inspector has arrived: pg_anon checks whether everything is hidden

All these problems could have been avoided if companies had paid due attention to data security from the start and implemented appropriate data-handling procedures.

pg_anon as a solution. What pg_anon is and why it appeared. Imagine you are editing a documentary about a real historical figure.

This is exactly the approach pg_anon implements for data in PostgreSQL.

For now, remember the main thing: data anonymization is not just a security requirement; it is a tool that makes development more efficient and more secure at the same time.

Case study of a pg_anon rollout. In this part I want to share real experience of implementing pg_anon in a large medtech project.

1 day, 1 hour ago @ habr.com
Biometric authentication methods: a small study

In this article I will share the results of my research: how safe this claim is in the context of biometric authentication and when such solutions can be recommended.

In addition, promising authentication methods currently under active development or at the testing stage will be considered.

Many companies already use this authentication method, mostly as an additional factor.

Conclusions. Although biometric authentication has a number of problems, it cannot be said that it is fully compromised and not recommended for use.

In the near future I will talk with the spring security community; perhap…

1 day, 3 hours ago @ habr.com
How the speech recognition module in Solar Dozor 8.0 makes security officers' l̶i̶v̶e̶s̶ work easier

Fortunately, the new version Solar Dozor 8.0 has an automatic speech-to-text feature.

In this article I will explain how our new audio recognition module works, how to choose a suitable recognition model, and give an example of a real case where it helped stop attempted malicious actions by employees.

How we implemented audio-to-text conversion in Solar Dozor 8.0. The audio-to-text feature helps with information, economic and internal security matters.

How it works in Solar Dozor. To convert audio recordings to text, the security officer opens the dossier of the person of interest and selects one or more recordings for recognition.

In order t…

1 day, 5 hours ago @ habr.com
Overview and market map of ML protection platforms

Security Vision. As artificial intelligence (AI) and machine learning (ML) become more widespread in business and industry, the security of these technologies becomes an increasingly pressing issue.

· Regularly conduct security audits and penetration testing to systematically identify and fix vulnerabilities in the infrastructure, new data and new ML models.

AI Firewall. Filtering malicious input data and requests to protect AI systems: AI-Powered Firewalls: firewalls that use AI to filter suspicious data.

Attack simulation (Continuous Red Teaming). Continuous simulated attacks on AI systems to identify vulnerabilities: Automated Red Teaming Platforms:…

1 day, 6 hours ago @ habr.com
Adventures with the Xbox 360: the long road to RGH3

Then things went entirely off plan: someone in the Xbox 360 Discord chat posted board schematics, bought on eBay, for all revisions of the console.

Fortunately, as on previous revisions, brute-forcing the HANA registers revealed a Bypass mode for the Corona revision as well.

It is located at the very beginning of the NAND and contains information on where to load the SMC code for the southbridge and the 2BL for the CPU.

Both POST_OUT and PLL_BYPASS are low-voltage signals (1.8 V on the Slim, 1.2 V on the Fat), so it would be preferable to use a low-voltage port (SMC_P0_GPIO).

For Zephyr and Xenon, unfortunately, the PLL slowdown method often leads to a hang and depends heavily on the processor and on luck.

1 day, 7 hours ago @ habr.com
A declarative access management platform: from roles to dynamic policies

I run the "IT and Life" channels on Telegram and YouTube.

We define access to the same resources not by roles but by attributes such as work experience and membership in the human species.

For example, a client wants to build several hundred attributes into an access policy, and CEL runs into the same problems as the next option, Casbin.

Then all that remains is to make a universal template, and that is not the simplest undertaking.

It was used both in the policy engine and in authentication, to store sessions and understand when to log users in.

1 day, 7 hours ago @ habr.com
An attachment with a surprise: another attack using Rogue RDP

This time it's a new phishing campaign, and not a simple one but one with a catch.

The fictitious Ivan tried to persuade our colleagues to connect to a test stand in accordance with the technical specification, but nothing came of it.

A search will show that it is a real company, not a site created a week ago, and the victim will most likely believe what is written.

Rogue RDP is an attack vector in which the victim is induced to connect to a fraudulent terminal server, in our case via a phishing email with an attachment.

And what's in the box?

1 day, 9 hours ago @ habr.com
[Translation] Will AI be a catastrophe for end-to-end encryption?

I recently discovered a remarkable new paper, How to think about end-to-end encryption and AI, written by a group of researchers from New York University and Cornell. I was very glad to read this paper because, although I do not agree with all of its conclusions, it is the first attempt to answer incredibly important questions. On the one hand, my interest in this topic peaked when AI assistant systems such as Google's scam-call protection and Apple Intelligence were developed. Both of these systems aim to involve AI in practically every part of the phone, even private messages. On the other hand, I have been thinking about the negative impact of AI on privacy because of…

2 days, 3 hours ago @ habr.com
Kerberoasting (including without a user password) + artifacts

🔥 The Kerberoasting attack allows an attacker to take over a service account by requesting a TGS that names that service account and then brute-forcing the ticket.

In general, Kerberoasting is similar to the AS-REP Roasting attack but, roughly speaking, shifted one step forward in the Kerberos authentication flow.

However, it is worth paying attention to the contents of the LDAP request and response. Request: you can see that we are selecting accounts whose attributes have the servicePrincipalName parameter set.

Kerberoasting without a domain account. As I said above, we do not necessarily need access to a domain account for the attack.

Traffic analysis: below is an example of the attack aimed at a whole scope of users. You can see that in the traf…

2 days, 4 hours ago @ habr.com
"Snake" discipline: how the DarkGaboon group quietly attacked Russian companies

What is "snake-like" about this cybercriminal group, how they managed to stay unnoticed, and what finally gave the group away: we explain in this article.

The first detected attack and what is interesting about it. In mid-October last year we recorded a targeted mailing of Revenge RAT to employees of a Russian bank.

We conducted research and found that similar activity against Russian companies can be traced back to at least May 2023.

The features listed, as well as the fact that almost half of all sample uploads to public file-checking services come from Russia, indicate that DarkGaboon's attacks are clearly aimed at Russian companies.

Probably, DarkGab…

2 days, 7 hours ago @ habr.com
Хакер
last post 1 hour ago
FIDO2. Understanding the standards and the future of passwordless authentication

We will work out what FIDO2 is, how the WebAuthn and CTAP protocols work, and also discuss their internal protection mechanisms and existing attacks.

Passwords must be stored securely, both on the user side and on the service side.

Passwordless evolution. Passwords are clear enough; perhaps they really have become more of a risk than a protection, but what is offered instead?

In 2011 Motorola released the first smartphone with a fingerprint scanner, and two years later Apple did the same, equipping the iPhone with the Touch ID sensor.

In sum, remember that FIDO is an alliance, FIDO1 and FIDO2 are projects, not protocols; UAF, U2F, CTAP and WebAuthn are all …

1 hour ago @ xakep.ru
Cisco patches a critical vulnerability in Meeting Management

Cisco has released updates to fix a critical vulnerability (CVSS score 9.9) in Meeting Management.

The vulnerability has been assigned the identifier CVE-2025-20156 and is described as a privilege escalation flaw in the REST API of Cisco Meeting Management.

Successful exploitation of the issue could allow an attacker to gain administrative control over the edge nodes managed by Cisco Meeting Management.

CVE-2025-20156 affects the following product versions, regardless of configuration: Cisco Meeting Management version 3.9 (fixed in version 3.9.1); Cisco Meeting Management version 3.8 and earlier (migrating to a fixed version is recommended); Cisco Meeting Management version 3.10 …

2 hours ago @ xakep.ru
Order the printed special issue of «Хакер»

The second printed special issue of «Хакер», which collects the best articles from 2017–2019 with comments from the authors and editors, is still on sale.

We remind you that many readers have already received their copies of the magazine, and their reviews can be found here.

All articles come with unique comments from the authors and editors that let you look behind the scenes of how the materials were created and learn more about life in the «Хакер» editorial office in those years.

Each magazine is carefully packed in shrink wrap and a sturdy cardboard envelope and is ready to ship.

If you live far from CDEK pickup points, we will send the special issue by Russian Post.

4 hours ago @ xakep.ru
Lumma stealer is spreading through hundreds of sites impersonating Reddit and WeTransfer

A researcher from Sekoia discovered that hackers are using about 1,000 pages impersonating Reddit and the WeTransfer file-sharing service.

All the fake pages impersonating Reddit are built on the same principle: supposedly a discussion thread about some specific problem.

Usually the thread author asks for help downloading a particular tool, and another user offers to help, supposedly uploading the required software to WeTransfer and posting a link.

In total, the list numbers 529 pages disguised as Reddit and 407 pages posing as WeTransfer.

Notably, almost simultaneously with this discovery, researchers from Netskope Threat Labs warned that the Lumma stealer is actively spread…

6 hours ago @ xakep.ru
Court bars Russian TV channels from suing Google anywhere other than the US or UK

According to media reports, the High Court of England and Wales has barred the Russian TV channels Russia Today, Spas and Tsargrad from suing Google over the blocking of these outlets' YouTube channels.

The Russian media's lawsuits against Google began back in 2020, after the YouTube accounts of the Tsargrad TV channel and RIA FAN were blocked.

The aim of the suit was to obtain a ruling prohibiting the Russian TV channels from bringing claims against Google outside the US and the UK.

In addition, it is noted that the YouTube agreement states that all disputes with the company are governed by English law.

At the same time, Google noted that "Google and YouTube are among the few remaining platforms offering access …

8 hours ago @ xakep.ru
Korean VPN provider IPany suffered a supply-chain attack and distributed malware

Overall, the first signs of infection were detected back in November and December 2023 and originated from Japan and China.

"The attackers replaced the legitimate installer with their own, which deployed the group's signature implant, SlowStepper.

Once launched, the installer downloaded both the genuine IPany VPN product and malicious files (including svcghost.exe) that helped the malware persist on the system.

"The full and Lite versions use a set of tools written in Python and Go that enable extensive data collection and espionage via audio and video recording," ESET explains.

The researchers notified IPany representatives about the supply-chain attack, after which the malicious …

21 hours ago @ xakep.ru
DarkGaboon APT group has been attacking Russian companies since 2023

Positive Technologies experts have discovered a new APT group, DarkGaboon, which has been attacking the financial departments of Russian companies since at least May 2023.

The attackers characteristically use the Revenge RAT malware in combination with financial document templates downloaded from legitimate Russian finance-related resources.

The attack began with an email containing a cover text in Russian, correct in syntax and punctuation, and a decoy archive.

During the investigation, the experts established that similar activity against Russian companies can be traced back to at least May 2023.

Moreover, according to the experts…

22 hours ago @ xakep.ru
Adversary-in-the-Middle: the evolution of phishing. Denis Makrushin's column

MFA prevents an attacker from using a stolen account, because accessing the data requires a second factor, which remains with the employee.

AitM techniques rely on proxy tools positioned between the victim and the login portal (for example, an SSO portal: Okta, Google Workspace and so on).

That is, the user sees the real login page, but somewhere between the user and that page the attacker takes control of the user's session.

The "browser in the middle" technique is based on integrating the attacker's infrastructure into the connection between the victim's browser and the target web application.

As soon as the victim …

1 day, 2 hours ago @ xakep.ru
7-Zip fixes a vulnerability related to bypassing Mark of the Web in Windows

A vulnerability has been discovered and fixed in the 7-Zip archiver that made it possible to bypass the Windows Mark of the Web (MotW) protection feature and execute code on the victim's computer.

MotW support appeared in 7-Zip in June 2022, starting with version 22.00.

As researchers from Trend Micro write, the recently discovered 7-Zip vulnerability (CVE-2025-0411) allowed attackers to bypass these warnings and execute malicious code on victims' computers.

When extracting files from a MotW-marked archive, 7-Zip does not propagate the MotW marks to the extracted files.

"The 7-Zip file manager did not propagate the Zone.Identifier stream to files extracted from nested archives," Pavlov explained.

1 day, 4 hours ago @ xakep.ru
Fake CAPTCHA in Telegram forces users to run malicious PowerShell scripts

Hackers exploited the news of Ross Ulbricht's pardon to lure users into a Telegram channel, where they are tricked into executing malicious PowerShell code.

The attackers justify the need to run the commands as fixing problems with displaying content in the browser, or demand that the user solve a fake CAPTCHA.

The scammers use fake accounts on X (formerly Twitter), posing as the Free Ross movement associated with Ross Ulbricht, to direct users to supposedly official Telegram channels.

In this Telegram mini-app, the PowerShell command is automatically copied to the victim's clipboard, and the user is prompted to open Windows Run and execute it,…

1 day, 6 hours ago @ xakep.ru
Android malware stole 40 million rubles from Russian users using NFCGate

FACCT specialists warn that Android malware exploiting the capabilities of the open-source NFCGate app and NFC has already stolen at least 40 million rubles from customers of Russian banks.

NGate is a malicious modification of the open-source NFCGate app, which was created in 2015 by students of the Technical University of Darmstadt and is intended for debugging NFC data-transfer protocols.

The criminals modified the NFCGate source code, adding interfaces with the branding of financial organizations, and enabled the NFC data relay mode.

In addition, the app includes the nfc-card-reader library, which allows the hackers to remotely obtain the card number and its expir…

1 day, 8 hours ago @ xakep.ru
Cloudflare flaw allows discovering the location of Discord, Signal and X users

404 Media reported a problem in Cloudflare that makes it possible to find out which of the company's data centers is used to cache a given image.

So, if a user is in San Francisco, Cloudflare's CDN uses the part of its CDN closest to them to speed up content delivery.

It turned out that, thanks to this, an outsider could find out which part of Cloudflare's CDN was used to deliver an image and, based on that, determine the recipient's location.

In his report, Daniel notes that he also tested the problem in Discord and X, confirming that it works in those cases as well.

The researcher says that back last year he already reported the problem to the devel…

1 day, 21 hours ago @ xakep.ru
Murdoc botnet exploits Huawei routers and Avtech IP cameras

Qualys specialists have discovered a new botnet, Murdoc, which attacks vulnerabilities in Avtech IP cameras and Huawei HG532 routers.

The botnet has already infected more than 1,370 systems (mainly in Malaysia, Mexico, Thailand, Indonesia and Vietnam).

To gain initial access to IoT devices, the botnet uses known vulnerabilities, including CVE-2024-7029 and CVE-2017-17215.

It is also noted that the botnet operators use more than 100 command-and-control servers, which communicate with compromised devices and distribute the malware.

Although the problem affects all Avtech AVM1203 IP cameras running firmware older than Fullmg-1023-1007-1011-1009, support for these cameras has already been discontinu…

1 day, 22 hours ago @ xakep.ru
Forbidden SDXL. Breaking the rules and pushing the boundaries of what is possible in image generation

Fighting burn-out
When generating images, models with the U-Net architecture work by gradually removing noise and reconstructing details from it.

Low CFG values: high creativity but low contrast
Let's start, perhaps, with working at low CFG values.

The developers of many models optimized for realism recommend using lowered CFG values to achieve maximum photorealism; higher values in such models produce smoother, "synthetic" images.

All these advantages are achieved when using CFG++-class samplers at minimal CFG scale values, in most cases below one…

2 days, 1 hour ago @ xakep.ru
Fake Homebrew infects macOS and Linux machines with a stealer

Attackers are using Google ads to impersonate the Homebrew website and distribute malware for Mac and Linux that steals credentials, browser information and cryptocurrency wallet data.

This infostealer is designed for macOS systems and is sold on a subscription basis ($1,000 per month).

Homebrew is a third-party package manager for macOS and Linux, and criminals are exploiting its popularity.

However, in reality such ads redirected victims to a fake Homebrew site located at brewe[.]sh.

For example, specialists have previously found similar malicious ads masquerading even as Google Authenticator and Google A…

2 days, 4 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 3 hours ago
RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations

A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network.

The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC, srsRAN – and three 5G implementations – Open5GS, Magma, OpenAirInterface, according to researchers from the University of Florida and North Carolina State University.

The findings have been detailed in a study titled "RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces."

T…

3 hours ago @ thehackernews.com
2025 State of SaaS Backup and Recovery Report

Amid these challenges, the 2025 State of SaaS Backup and Recovery Report offers a timely analysis of the SaaS data protection landscape.

For instance, 87% of IT professionals reported experiencing SaaS data loss in 2024, with malicious deletions as the leading cause.

Backup strategy adoption across SaaS platforms
Organizations leveraging SaaS applications report varying levels of backup strategy implementation: Microsoft 365: 70% have a backup strategy in place, the highest among SaaS platforms.

Key takeaways and recommendations from the 2025 State of SaaS Backup and Recovery Report
The 2025 State of SaaS Backup and Recovery Report paints a vivid picture of the evolving SaaS data protection …

5 hours ago @ thehackernews.com
DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations

Jin and Pak have also been charged with conspiracy to violate the International Emergency Economic Powers Act.

Last week, the U.S. Treasury sanctioned two North Korean nationals and four companies based in Laos and China for their work on the IT worker scheme.

They also conspired to launder payments for the remote IT work through a variety of accounts designed to promote the scheme and conceal its proceeds.

"After being discovered on company networks, North Korean IT workers have extorted victims by holding stolen proprietary data and code hostage until the companies meet ransom demands.

In some instances, North Korean IT workers have publicly released victim companies' proprietary code."

6 hours ago @ thehackernews.com
Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations

Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations.

"When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you're outside of trusted locations," Google said in a post announcing the move.

It can be enabled by navigating to Settings > Google > All services > Theft protection > Identity Check.

"This threat actor has specialised in spreading malicious Chrome extensions to harvest sensitive data," the company said, describing the adversary as persistent.

"At the end of November 2024, th…

9 hours ago @ thehackernews.com
CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be exploited to achieve arbitrary code execution.

"Passing HTML containing elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code," according to a GitHub advisory released for the flaw.…

11 hours ago @ thehackernews.com
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features.

"These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News.

"Instead these were very well-known issues that we wouldn't expect to see even on a consumer-grade laptop.

These issues could allow attackers to evade even the most basic integrity protections, such as Secure Boot, and modify device firmware if exploited."

The company said it analyzed three firewall appliances from Palo Alto Networks, PA-3260, PA-1410, and PA-415, the first o…

1 day, 1 hour ago @ thehackernews.com
Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer.

It's worth noting that a previous iteration of this technique, widely known as ClickFix, involved the execution of a Base64-encoded PowerShell script to trigger the Lumma Stealer infection.

"The Lumma Stealer operates using the malware-as-a-service (MaaS) model and has been extremely active in the past months.

Social engineering-oriented credential harvesting attacks have also been observed leveraging avatar provider Gravatar to mimic various legitimate services like AT&T, Comcast, Eastlink, Infinity, Kojeko, and Proton …

1 day, 1 hour ago @ thehackernews.com
Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers

Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic.

According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic.

The agent, a variant of a publicly available backdoor referred to as cd00r, waits for five different pre-defined parameters before commencing its operations.

A majority of the potentially impacted IP addresses are said to be Juniper routers acting as VPN gateways, with a second smaller cluster comprising those with an exposed NETCONF port.

"One of the most notable aspect…

1 day, 1 hour ago @ thehackernews.com
Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads.

Both HellCat and Morpheus are nascent entrants to the ransomware ecosystem, having emerged in October and December 2024, respectively.

"An unusual characteristic of these Morpheus and HellCat payloads is that they do not alter the extension of targeted and encrypted files," Walter said.

Furthermore, Morpheus and HellCat samples rely on the Windows Cryptographic API for key generation and file encryption.

Data shared by NCC Group shows that a record 574 ransomware attacks were observed in December 202…

1 day, 2 hours ago @ thehackernews.com
How to Eliminate Identity-Based Threats

Finally, there's a solution that marks a true paradigm shift: with modern authentication technologies, the complete elimination of identity-based threats is now within reach.

For the first time, prevention is not just a goal—it's a reality, transforming the landscape of identity security.

Characteristics of an Access Solution that Eliminates Identity-Based Threats
Legacy authentication systems are ineffective at preventing identity-based attacks because they rely on security through obscurity.

The true elimination of identity-based threats requires an authentication architecture that makes entire classes of attacks technically impossible.

Identity Admins and Security Practitioners - Eliminat…

1 day, 5 hours ago @ thehackernews.com
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day.

The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.

It's worth noting that CVE-2025-23006 does not affect its Firewall and SMA 100 series products.

The company credited the Microsoft Threat Intelligence Center (MSTIC) with discovering and reporting the security shortcoming.

"To minimize the potential impact of the vulnerability, please ensure that you restrict access to trusted sources for the Appliance Management Console (AMC) and Central Manag…

1 day, 6 hours ago @ thehackernews.com
New Research: The State of Web Exposure 2025

New research by web exposure management specialist Reflectiz reveals several alarming findings about the high number of website vulnerabilities organizations across many industries are needlessly exposing themselves to.

The realization that this practice is so widespread will cause many website owners to wonder what other surprises might be lurking in their web ecosystems and how large their web exposure footprint really is.

Taking simple steps like these will reduce their overall web exposure score.

Therefore, a publishing business looking to reduce its overall web exposure should prioritize best-practice training for staff in its marketing department.

As such insights pile up, it becomes …

1 day, 6 hours ago @ thehackernews.com
QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features

Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader.

"BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks," Walmart's Cyber Intelligence team told The Hacker News.

The company noted that the BC module was found on the same infrastructure that was observed distributing another malware loader called ZLoader, which was recently updated to incorporate a Domain Name System (DNS) tunnel for command-and-control (C2) communications.

Originally conceived as a banking trojan, it was later adapted into a loader capable of delivering next…

1 day, 7 hours ago @ thehackernews.com
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances.

It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management.

"An attacker could exploit this vulnerability by sending API requests to a specific endpoint."

"A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management."

"An attacker could exploit this vulnerability by sending a high number of SIP requests to an affected system," it said.

1 day, 10 hours ago @ thehackernews.com
TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks.

"This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant's cloud division said in its 11th Threat Horizons Report.

TRIPLESTRENGTH engages in a trifecta of malicious attacks, including illicit cryptocurrency mining, ransomware and extortion, and advertising access to various cloud platforms, including Google Cloud, Amazon Web Services, Microsoft Azure, Linode, OVHCloud, and Digital Ocean to…

1 day, 11 hours ago @ thehackernews.com
threatpost
last post: none
DarkReading
last post: none
WeLiveSecurity
last post 2 months, 2 weeks ago
Life on a crooked RedLine: Analyzing the infamous infostealer’s backend

To limit any possible confusion, we will use the following terms consistently throughout the text: RedLine malware: the RedLine Stealer malware or a sample thereof.

RedLine backend : Collection of modules that provide authentication and functionality for the RedLine panel.

This includes the RedLine malware, the RedLine panel, and the RedLine backend modules.

Builder tab of the RedLine panel
RedLine backend
The RedLine backend we analyzed in 2023 consists of two modules.

2 months, 2 weeks ago @ welivesecurity.com
ESET APT Activity Report Q2 2024–Q3 2024

ESET APT Activity Report Q2 2024–Q3 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from April 2024 until the end of September 2024.

Additionally, China-aligned APT groups have been relying increasingly on the open-source and multiplatform SoftEther VPN to maintain access to victims’ networks.

For the first time, we saw an APT group – specifically ScarCruft – abusing Zoho cloud services.

Malicious activities described in ESET APT Activity Report Q2 2024–Q3 2024 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers.

Attack s…

2 months, 2 weeks ago @ welivesecurity.com
Jane Goodall: Reasons for hope | Starmus highlights

The trailblazing scientist shares her reasons for hope in the fight against climate change and how we can tackle seemingly impossible problems and keep going in the face of adversity.
Renowned ethologist and conservationist Jane Goodall offers a sobering, but hopeful reflection on the precarious state of our planet.

With ecosystems worldwide facing unprecedented threats from climate change, biodiversity loss, intensive farming, deforestation, and pollution, Earth is undergoing what scientists call the sixth mass extinction.

Unlike in the past, however, this one is driven by human activity, accelerating species loss at rates much faster than typical evolutionary processes.

Yet, Ms. Goodall – w…

2 months, 2 weeks ago @ welivesecurity.com
Month in security with Tony Anscombe – October 2024 edition

Each month, ESET's Chief Security Evangelist Tony Anscombe will bring you a roundup of the latest cybersecurity news and insights – all in five or so minutes.

Let's cut to the chase now and review some of the most impactful cybersecurity stories of October 2024.

Recent weeks have also seen a number of damaging hacks and breaches, including one hitting American Water, the largest US water utility, and two incidents targeting The Internet Archive.

Meanwhile, lawmakers have also been busy this month, as Australia introduced its first cybersecurity legislation.

In the US, the Cybersecurity and Infrastructure Security Agency (CISA) proposed new security requirements to protect personal and gover…

2 months, 3 weeks ago @ welivesecurity.com
How to remove your personal information from Google Search results

If not, consider requesting the removal of your personal information from search results.

What shows up in Google Search?

Unsurprisingly, the search results become more specific, showcasing how powerful search engines are at pinpointing someone’s data.

How to use Google’s “Results about you”

To use this feature, you need to have a Google account.

For the browser version, follow these steps: Log into your Google account and click on your profile avatar.

2 months, 3 weeks ago @ welivesecurity.com
Don't become a statistic: Tips to help keep your personal data off the dark web

The dark web is thriving

First things first: Contrary to popular assumption, the dark web is not illegal and it’s not populated solely by cybercriminals.

Even worse, 700 of these emails had passwords associated with them stored in plain text and exposed on dark web sites.

There are various ways your own data could end up in a dark web forum or site.

If you’re signed up to an identity protection or dark web monitoring service, it should flag any PII or other data it finds on the dark web.

See what’s lurking out there on the dark web right now and it may never get to that stage.

2 months, 3 weeks ago @ welivesecurity.com
Tony Fadell: Innovating to save our planet | Starmus highlights

So what's the real story with methane and how exactly do the emissions of this powerful greenhouse gas accelerate climate change?

Increased awareness of methane’s potent warming effect and the urgency of reducing methane emissions have prompted a slew of methane-reducing initiatives.

To get a grip on the problem, however, the world first needs to identify emission sources with pinpoint accuracy.

This is where state-of-the-art satellite technology comes in.

In his talk, the legendary engineer and entrepreneur Tony Fadell talks about MethaneSAT, a pioneering satellite that orbits the planet in order to map and track the sources of methane emissions primarily from oil and gas operations, which…

2 months, 4 weeks ago @ welivesecurity.com
CloudScout: Evasive Panda scouting cloud services

The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies.

CloudScout utilizes stolen cookies, provided by MgBot plugins, to access and exfiltrate data stored at various cloud services.

In February 2023, CloudScout modules and the Nightdoor implant were detected at what we suspect is a Taiwanese government entity.

The CloudScout module obtains a new configuration by continuously monitoring its working directory, looking for files with .dat extensions.

This package is stored in the resources section of CloudScout modules and is loaded at the beginning of the ModuleStart function.

2 months, 4 weeks ago @ welivesecurity.com
ESET Research Podcast: CosmicBeetle

Then there are threat actors like CosmicBeetle – they lack the necessary skill set, write crude malware, yet still compromise interesting targets, and achieve “stealth” by using odd, impractical and overcomplicated techniques.

Discussing further with ESET Research Podcast host and Distinguished Researcher Aryeh Goretsky, Jakub shared his view of CosmicBeetle’s encryption routine, information about their victimology, and details of their “involvement” with high-profile gangs such as LockBit and RansomHub.

For details on how this crude and clumsy threat actor, whose malicious tools are “riddled with bugs”, managed to penetrate any of its targets, listen to this ESET Research Podcast episode…

3 months ago @ welivesecurity.com
Embargo ransomware: Rock’n’Rust

ESET researchers have discovered new Rust-based tooling leading to the deployment of Embargo ransomware.

File path                  Description
C:\Windows\Debug\a.cache   RC4-encrypted Embargo ransomware.
C:\Windows\Debug\pay.exe   Decrypted Embargo ransomware.

Tactic                ID         Name                            Description
Resource Development  T1587.001  Develop Capabilities: Malware   Embargo group develops its custom toolkit – MDeployer, MS4Killer, and Embargo ransomware.
                      T1486      Data Encrypted for Impact       Embargo ransomware encrypts files on compromised machines.

3 months ago @ welivesecurity.com
Google Voice scams: What are they and how do I avoid them?

The classic Google Voice scam goes something like this: Setting up a Google Voice account.

The fraudster downloads the Google voice app and links it to a Google account, much like anyone else does.

Then they may do one of several things: sell your Google Voice number and account to other scammers; place vishing calls designed to scam victims, using your Google Voice account; embed your Google Voice number into email phishing or smishing messages; use the Google Voice voicemail feature to record messages posing as legitimate authorities, in order to further their scams; use the Google Voice num…

3 months ago @ welivesecurity.com
Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

The rest of the software flaws under review were exploited as n-days; i.e., vulnerabilities first exploited after patches are made available (versus zero days, which are abused before patches are released).

The average time to exploit a software flaw has been shrinking considerably over the years – from 63 days in 2018-2019 all the way to only five days last year.

These and other figures in the report underscore a disconcerting trend: threat actors are rapidly getting better at spotting and weaponizing software vulnerabilities, which clearly poses an escalating threat to businesses and individuals alike.

What else did the report find and how does the market for zero-day exploits factor into…

3 months, 1 week ago @ welivesecurity.com
Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online and even be the start of a predatory relationship.

“Hey, wanna chat?” What sounds like a casual and innocent phrase between adults can take a sinister turn when it comes from an adult to a child online – and even be the start of a predatory relationship.

Grooming, where an adult uses psychological tactics to gain a child’s trust in order to manipulate, exploit, or abuse them, is a pervasive problem these days.

It often occurs online, where predators may use social media, gaming platforms, or messaging apps to contact minors.

In this episode of Unlocked 403, Becks sat down with ch…

3 months, 1 week ago @ welivesecurity.com
Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

Although QR codes have been around since the 90s, quishing as a threat really started to appear during the pandemic.

Fraudsters leapt into action, sticking fake QR codes over the real ones.

There have been a number of reports about scammers targeting motorists via malicious QR codes stuck to parking meters.

If you’re uncomfortable scanning a QR code, consider using one of these alternatives to avoid the risk of interacting with a fraudulent code.

News of the latest QR quishing campaign will only increase calls for codes to be banned from public places.

3 months, 1 week ago @ welivesecurity.com
Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

In this blog, we’ll explore cybersecurity internships, scholarships and apprenticeships as three great pathways, especially for young people, to jump-start their careers in this exciting and rewarding field.

For example, ESET currently runs Women in Cybersecurity scholarships for female undergraduates looking to pursue a career in cybersecurity in the UK, US, Canada and Australia.

Some cybersecurity apprenticeships prepare you for industry certifications that validate the training and expertise learned, enhancing employability further down the line.

Job security: Almost all industries require cybersecurity, including health, government, education, law, financial services, and manufacturing…

3 months, 1 week ago @ welivesecurity.com
Naked Security
last post: none
Help Net Security
last post 2 hours ago
North Korean IT workers are extorting employers, FBI warns

The FBI is on a mission to raise awareness about the threat that North Korean IT workers present to organizations in the US and around the world.

As the FBI previously noted, Democratic People’s Republic of Korea IT workers have been known to use the privileged access gained as contractors to enable DPRK’s malicious cyber intrusions.

“Some overseas-based DPRK IT workers have provided logistical support to DPRK-based malicious cyber actors, although the IT workers are unlikely to be involved in malicious cyber activities themselves.

And sometimes, when their true nature is discovered by the company, North Korean IT workers’ parting shot is to hold stolen proprietary data or code hostage.

“In…

2 hours ago @ helpnetsecurity.com
Aviat Networks enhances software cybersecurity offering

Aviat Networks announced that it has enhanced its Secure Software Development Lifecycle (SSDLC) process and Software Vulnerability Alert (SVA) service, designed to strengthen Aviat’s software and firmware development process to comply with the latest cybersecurity requirements.

With the increasing number of vulnerabilities, threats and attacks, SSDLC and SVA are now seen as essential countermeasures to protect against software security threats for critical communications networks.

Aviat’s SSDLC is a structured process to improve cybersecurity for all Aviat products, built with independent third-party validation, that integrates security at every stage of the software lifecycle, from definition, des…

8 hours ago @ helpnetsecurity.com
Nearly half of CISOs now report to CEOs, showing their rising influence

CISOs report to the C-suite (Source: Splunk)

82% of surveyed CISOs now report directly to the CEO, a significant increase from 47% in 2023.

In addition, 83% of CISOs participate in board meetings somewhat often or most of the time.

While 60% acknowledge that board members with cybersecurity backgrounds more heavily influence security decisions, only 29% of CISOs say their board includes at least one member with cybersecurity expertise.

For board members, it means committing to a security-first culture and consulting the CISO as a primary stakeholder in decisions that impact enterprise risk and governance.

They are less likely than other board members to express concern they are not doing eno…

11 hours ago @ helpnetsecurity.com
GUI frontends for GnuPG, the free implementation of the OpenPGP standard

GnuPG is a free and comprehensive implementation of the OpenPGP standard.

It enables encryption and signing of data and communications, featuring a key management system and support for public key directories.

Its mission is to make GnuPG’s encryption tools accessible to everyone, regardless of their technical background.

Kleopatra

Kleopatra is a versatile, open-source certificate manager and graphical front-end for cryptographic services, tailored for OpenPGP and S/MIME (X.509) certificates.

As part of the KDE ecosystem, it offers an intuitive interface for managing encryption keys, signing and verifying data, and securely encrypting or decrypting files and emails.

11 hours ago @ helpnetsecurity.com
Deepfakes force a new era in fraud detection, identity verification

The rise in identity fraud over the past two years has significantly impacted all industries, especially finance, banking, fintech, and crypto, according to Regula.

That is why checking signal source integrity is crucial, as it helps ensure that no injection is done during the video session within the identity verification (IDV) process.

Businesses to strengthen biometric verification methods

Also, businesses will further reinforce their biometric verification methods, such as facial recognition, fingerprint scanning, and voice identification, as they add additional defense.

Traditional threats like fake IDs and synthetic fraud still account for the majority of identity fraud attempts.

In th…

12 hours ago @ helpnetsecurity.com
New infosec products of the week: January 24, 2025

Here’s a look at the most interesting products from the past week, featuring releases from Bitsight, DataDome, DigitalOcean, Lookout, and XONA Systems.

DataDome DDoS Protect detects application layer-based threats

DDoS Protect provides always-on, full-stack protection that detects and mitigates application layer-based threats, including evasive and short-lived Layer 7 DDoS attacks, within milliseconds.

Xona Platform simplifies user access deployment

Xona Systems launched the new Xona Platform.

Bitsight Instant Insights accelerates vendor risk assessments

Bitsight unveiled Instant Insights, a new offering from the Bitsight IQ suite of AI-based capabilities.

This targeted approach strengthens organi…

12 hours ago @ helpnetsecurity.com
Juniper enterprise routers backdoored via “magic packet” malware

A stealthy attack campaign turned Juniper enterprise-grade routers into entry points to corporate networks via the “J-magic” backdoor, which is loaded into the devices’ memory and spawns a reverse shell when instructed to do so.

The J-magic malware

The researchers found a sample of J-magic after it was uploaded to VirusTotal in September 2023 and set out to analyze it.

The triggering packet meets five specific “conditions” set out by the malware developer, but the reverse shell will only be created if the attacker can correctly answer a challenge.

“Magic packet” malware on the rise

The malicious agent, they discovered, is a custom variant of cd00r, which is an old open-source project that sou…

23 hours ago @ helpnetsecurity.com
Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw

About CVE-2025-20156

Cisco Meeting Management is a tool for monitoring and managing meetings running on Cisco Meeting Server, the company’s on-premises video meeting platform.

“A successful exploit could allow the attacker to gain administrator-level control over edge nodes that are managed by Cisco Meeting Management,” Cisco explained.

“Updated releases of Cisco Secure Endpoint Connector are available through the Cisco Secure Endpoint portal.

Depending on the configured policy, Cisco Secure Endpoint Connector will automatically update,” Cisco says.

“Affected releases of Cisco Secure Endpoint Connector clients for Cisco Secure Endpoint Private Cloud have been updated in the connector reposit…

1 day, 3 hours ago @ helpnetsecurity.com
Appdome Threat Dynamics analyzes and ranks mobile threats

Appdome announced that a new AI-Native threat-management module called Threat Dynamics will be offered inside Appdome’s ThreatScope Mobile XDR.

“On top of lightning-fast incident response, mobile businesses want to benchmark their mobile defense posture against the industry and preempt mobile threats before they escalate,” said Tom Tovar, CEO of Appdome.

With Appdome Threat Dynamics, mobile businesses can now leverage the biggest and most diverse data stream of mobile fraud and threat events in the digital economy to take a holistic and continuous approach to threat management.

However, point products aimed at mobile app security, mobile fraud prevention, KYC checks, and mobile identity onl…

1 day, 7 hours ago @ helpnetsecurity.com
SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)

A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers.

About CVE-2025-23006

SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees access to applications from anywhere.

The SMA 1000 series of appliances is aimed at large distributed enterprises of up to thousands of employees.

CVE-2025-23006 is a deserialization of untrusted data vulnerability in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), and can be exploited by remote, unauthenticated attackers to execute arbitrary OS commands, if specific (cu…

1 day, 7 hours ago @ helpnetsecurity.com
DigitalOcean Per-Bucket Access Keys boosts object storage security

DigitalOcean announced Per-Bucket Access Keys for DigitalOcean Spaces, its S3-compatible object storage service.

Prior to the introduction of Per-Bucket Access Keys, many customers chose to limit the types of applications they ran on DigitalOcean infrastructure to those without object storage requirements or with minimal access management requirements in order to better control access to their object data.

Application-specific access: Help reduce the impact of a compromised access key by limiting its scope to a single bucket.

“Spaces Per-Bucket Access Keys has significantly enhanced our infrastructure capabilities.

“This enhanced control provides clarity, ultimately improving our workflows…

1 day, 8 hours ago @ helpnetsecurity.com
Bitsight Instant Insights accelerates vendor risk assessments

Bitsight unveiled Instant Insights, a new offering from the Bitsight IQ suite of AI-based capabilities.

Instant Insights, part of Bitsight IQ, delivers critical information in seconds—dramatically reducing the hours or even days typically spent on manual review.

We’re excited to empower GRC teams with an AI-driven solution that removes tedious work, accelerates vendor onboarding and risk assessments.

Key benefits of Instant Insights include: Accelerated vendor assessments: Reduces document review time from hours to minutes.

Instant Insights for SOC 2 is available now as part of Bitsight’s Vendor Risk Management (VRM) platform at no additional cost for existing customers.

1 day, 8 hours ago @ helpnetsecurity.com
Defense strategies to counter escalating hybrid attacks

In this Help Net Security interview, Tomer Shloman, Sr. Security Researcher at Trellix, talks about attack attribution, outlines solutions for recognizing hybrid threats, and offers advice on how organizations can protect themselves against hybrid attacks.

Behavioral analysis is particularly effective in this context, as it focuses on the operational habits and strategic objectives of threat actors.

Can you discuss the role of threat actor profiling in identifying hybrid operations that blend espionage and financial motives?

Yes, there are several notable cases where advanced forensic techniques were crucial in identifying threat actors.

How should organizations adjust their defense strateg…

1 day, 11 hours ago @ helpnetsecurity.com
Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning

The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception.

The scanner, developed by Maximilian Hildebrand, offers extensive support for various web cache poisoning and deception techniques.

It features a built-in crawler to discover additional URLs for testing.

The tool is designed to adapt to specific web caches for enhanced testing efficiency, is customizable, and integrates into existing CI/CD pipelines.

Features: analyzing a web cache before testing and adapting to it for more efficient testing; generating a report in JSON format; crawling websites for further URLs to scan; routing traffic through a proxy; limiting requests per…

1 day, 11 hours ago @ helpnetsecurity.com
CISOs are juggling security, responsibility, and burnout

72% of security leaders agree that the age of AI necessitates a complete reset of how organizations approach application security, according to Cycode.

Instead of layering more tools, CISOs should focus on consolidating their security stack and adopting solutions that are secure by design.

Surveys show that 99% of CISOs work extra hours every week, and 1 in 5 work an extra 25 hours per week.

Despite global information security spending projected to reach $215 billion in 2024, 44% of CISOs surveyed reported they were unable to detect a data breach in the last 12 months using existing security tools, according to Gigamon.

56% of the surveyed CISOs admit discomfort with their current incident …

1 day, 12 hours ago @ helpnetsecurity.com
IT Security Guru
last post 5 months ago
How Immigration Can Solve America’s Cybersecurity Shortage

The Growing Cybersecurity Skills Gap

The cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity Shortage

Immigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

Conclusion

The cybersecurity skills shortage is …

5 months ago @ itsecurityguru.org
Cybereason Unveils SDR Data Ramp Program: Analyse and Detect Threats in 1TB of Log Data for 90 Days

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

5 months ago @ itsecurityguru.org
The 8 Most Common Website Design Mistakes According to Pros

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final Thoughts

Keeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

5 months ago @ itsecurityguru.org
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol Connections

Remote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware Attacks

Specific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted: The healthcare sector is a prime target for ranso…

5 months, 1 week ago @ itsecurityguru.org
Cyber insurance claims fall as businesses refuse ransom payments and recover themselves

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented: “We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

5 months, 1 week ago @ itsecurityguru.org
AI-powered cyber threats are too overpowering for over 50% of security teams

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

5 months, 1 week ago @ itsecurityguru.org
New Threat Report from Cato Networks Uncovers Threat Actor Selling Data and Source Code from Major Brands

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploit

Three years after its discovery in 2021, Log4j remains one of the most used vulnerabilities leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

5 months, 1 week ago @ itsecurityguru.org
New Post Quantum Cryptography Standards Poised to Revolutionize Cybersecurity

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

5 months, 2 weeks ago @ itsecurityguru.org
Kicking cyber security down the road can come back to bite you

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priority

Despite a shared understanding of cyber threats among security leaders and the C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-in

To ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures now

By deprioritising cyber security, businesses are essentially def…

5 months, 2 weeks ago @ itsecurityguru.org
What skills can cyber security experts develop to adapt to AI and quantum computing?

High demand for cyber security expertise also means that it is one of the best-paying roles in tech, with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computing

Like AI, quantum computing has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trail blazers in this sector if they start acquiring relevant skills now.

5 months, 2 weeks ago @ itsecurityguru.org
HealthEquity Data Breach Compromises Customer Information

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

5 months, 4 weeks ago @ itsecurityguru.org
Accenture and SandboxAQ Expand Cybersecurity Partnership

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]

5 months, 4 weeks ago @ itsecurityguru.org
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]

5 months, 4 weeks ago @ itsecurityguru.org
Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]

5 months, 4 weeks ago @ itsecurityguru.org
Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands

Salt Labs, the research arm of API security company Salt Security, has released new research highlighting critical security flaws in the popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to its website). These vulnerabilities could potentially have allowed an attacker unlimited […]

5 months, 4 weeks ago @ itsecurityguru.org
SecurityTrails
latest post None
Blogs 👨‍💻
Бизнес без опасности
latest post None
Жизнь 80 на 20
latest post None
ZLONOV
latest post None
Блог Артема Агеева
latest post None
Киберпиздец
latest post None
Schneier on Security
latest post 1 day, 1 hour ago
Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)

Last month, Henry Farrell and I convened the Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024) at Johns Hopkins University’s Bloomberg Center in Washington DC.

Elections would look different.

Also, we could start from scratch without having to worry about evolving our current democracy into this imagined future system.

IWORD 2024 was easily the most intellectually stimulating two days of my year.

Summaries of all the IWORD 2024 talks are in the first set of comments below.

1 day, 1 hour ago @ schneier.com
AI Will Write Complex Laws

Because polarization and divided government are increasingly entrenched in the US, the demand for complex legislation at the federal level is likely to grow.

Either way, the Court’s ruling implied that law should become more complex and that Congress should increase its policymaking capacity.

A continuing stream of Supreme Court decisions handing victories to unpopular industries could be another driver of complex law, adding political pressure to pass legislative fixes.

When Congress does take on the task of writing complex legislation, it’s quite likely it will turn to AI for help.

Numerous software vendors are already marketing AI legislative analysis tools.

2 days, 4 hours ago @ schneier.com
AI Mistakes Are Very Different from Human Mistakes

Over the millennia, we have created security systems to deal with the sorts of mistakes humans commonly make.

But it’s not the frequency or severity of AI systems’ mistakes that differentiates them from human mistakes.

We need to invent new security systems that adapt to these differences and prevent harm from AI mistakes.

We expect human mistakes to be clustered: A single calculus mistake is likely to be accompanied by others.

When it comes to catching AI mistakes, some of the systems that we use to prevent human mistakes will help.

3 days, 4 hours ago @ schneier.com
Biden Signs New Cybersecurity Order

President Biden has signed a new cybersecurity order.

It has a bunch of provisions, most notably using the US government’s procurement power to improve cybersecurity practices industry-wide.

Some details: The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents, namely the security failures of federal contractors.

The Cybersecurity and Infrastructure Security Agency would be tasked with double-checking these security attestations and working with vendors to fix any problems.

The directive also kicks off updates to the National Institute of Standards and Technology’s secure software development guidance.

4 days, 4 hours ago @ schneier.com
Friday Squid Blogging: Opioid Alternatives from Squid Research

Is there nothing that squid research can’t solve?

“If you’re working with an organism like squid that can edit genetic information way better than any other organism, then it makes sense that that might be useful for a therapeutic application like deadening pain,” he said.

[…] Researchers hope to mimic how squid and octopus use RNA editing in nerve channels that interpret pain and use that knowledge to manipulate human cells.

6 days, 18 hours ago @ schneier.com
Social Engineering to Disable iMessage Protections

I am always interested in new phishing tricks, and watching them spread across the ecosystem.

A few days ago I started getting phishing SMS messages with a new twist.

They were standard messages about delayed packages or some such, with the goal of getting me to click on a link and enter some personal information into a website.

But because they came from unknown phone numbers, the links did not work.

I don’t know; I would have expected to have seen it before last weekend.

1 week ago @ schneier.com
FBI Deletes PlugX Malware from Thousands of Computers

According to the FBI, at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

It was that very server that allowed the FBI to finally kill this pesky bit of malicious software.

First, they tapped the know-how of French intelligence agencies, which had recently discovered a technique for getting PlugX to self-destruct.

Then, the FBI gained access to the hackers’ command-and-control server and used it to request all the IP addresses of machines that were actively infected by PlugX.

Then it sent a command via the server that causes PlugX to delete itself from its victims’ computers.

1 week, 1 day ago @ schneier.com
Phishing False Alarm

1 week, 2 days ago @ schneier.com
Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

I’m speaking on “AI: Trust & Power” at Capricon 45 in Chicago, Illinois, USA, at 11:30 AM on February 7, 2025.

I’m also signing books there on Saturday, February 8, starting at 1:45 PM.

I’m speaking at Boskone 62 in Boston, Massachusetts, USA, which runs from February 14-16, 2025.

I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025.

Posted on January 14, 2025 at 12:05 PM

1 week, 2 days ago @ schneier.com
The First Password on the Internet

It was created in 1973 by Peter Kirstein: So from the beginning I put password protection on my gateway.

This had been done in such a way that even if UK users telephoned directly into the communications computer provided by Darpa in UCL, they would require a password.

In fact this was the first password on Arpanet.

It proved invaluable in satisfying authorities on both sides of the Atlantic for the 15 years I ran the service, during which no security breach occurred over my link.

I also put in place a system of governance that any UK users had to be approved by a committee which I chaired but which also had UK government and British Post Office representation.

1 week, 3 days ago @ schneier.com
Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Not sure this will matter in the end, but it’s a positive move: Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit content using the company’s platform for AI-generated content.

The foreign-based defendants developed tools specifically designed to bypass safety guardrails Microsoft has erected to prevent the creation of harmful content through its generative AI services, said Steven Masada, the assistant general counsel for Microsoft’s Digital Crimes Unit.

They then compromised the legitimate accounts of paying customers.

They combined those two things to create a fee-based platform people could us…

1 week, 4 days ago @ schneier.com
Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

News: A sponge made of cotton and squid bone that has absorbed about 99.9% of microplastics in water samples in China could provide an elusive answer to ubiquitous microplastic pollution in water across the globe, a new report suggests.

[…] The study tested the material in an irrigation ditch, a lake, seawater and a pond, where it removed up to 99.9% of plastic.

It addressed 95%-98% of plastic after five cycles, which the authors say is remarkable reusability.

The sponge is made from chitin extracted from squid bone and cotton cellulose, materials that are often used to address pollution.

Cost, secondary pollution and technological complexities have stymied many other filtration systems, but …

1 week, 6 days ago @ schneier.com
Apps That Are Spying on Your Location

404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS.

Because much of the collection is occurring through the advertising ecosystem—not code developed by the app creators themselves—this data collection is likely happening both without users’ and even app developers’ knowledge.

2 weeks ago @ schneier.com
Zero-Day Vulnerability in Ivanti VPN

2 weeks ago @ schneier.com
US Treasury Department Sanctions Chinese Company Over Cyberattacks

2 weeks, 3 days ago @ schneier.com
Krebs On Security
latest post 2 days, 1 hour ago
MasterCard DNS Error Went Unnoticed for Years

After enabling a DNS server on akam.ne, he noticed hundreds of thousands of DNS requests hitting his server each day from locations around the globe.

Had he enabled an email server on his new domain akam.ne, Caturegli likely would have received wayward emails directed toward mastercard.com or other affected domains.

The message suggested his public disclosure of the MasterCard DNS error via a post on LinkedIn (after he’d secured the akam.ne domain) was not aligned with ethical security practices, and passed on a request from MasterCard to have the post removed.

“But we’ll let you judge—here are some of the DNS lookups we recorded before reporting the issue.” As the screenshot above shows, t…

2 days, 1 hour ago @ krebsonsecurity.com
Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Reports of similar SMS phishing attacks against customers of other U.S. state-run toll facilities surfaced around the same time as the MassDOT alert.

People in Florida reported receiving SMS phishing that spoofed Sunpass, Florida’s prepaid toll program.

In each case, the emergence of these SMS phishing attacks coincided with the release of new phishing kit capabilities that closely mimic these toll operator websites as they appear on mobile devices.

Merrill said the volume of SMS phishing attacks spoofing toll road operators skyrocketed after the New Year, when at least one Chinese cybercriminal group known for selling sophisticated SMS phishing kits began offering new phishing pages design…

1 week ago @ krebsonsecurity.com
Microsoft: Happy 2025. Here’s 161 Security Updates

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack.

Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.

Today also saw the publication of nine critical remote code execution (RCE) vulnerabilities.

The Microsoft flaws already seeing active attacks include CVE-2025-21333, CVE-2025-21334 and, you guessed it– CVE-2025-21335.

And if you run into any problems installing this month’s patch batch, drop a line in the comments below, please.

1 week, 2 days ago @ krebsonsecurity.com
A Day in the Life of a Prolific Voice Phishing Crew

KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in an elaborate voice phishing attack.

Lookout researchers discovered multiple voice phishing groups were using a new phishing kit that closely mimicked the single sign-on pages for Okta and other authentication providers.

- The Operator: The individual managing the phishing panel, silently moving the victim from page to page.

- The Owner: The phishing panel owner, who will frequently listen in on and participate in scam calls.

Nixon said the constant snaking within the voice phishing circles points to a psychological self-selection phenomenon that is in desperate need of ac…

2 weeks, 2 days ago @ krebsonsecurity.com
U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon.

Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon.

Think again.” On that same day, Kiberphant0m posted what they claimed was the “data schema” from the U.S. National Security Agency.

The profile photo on Wagenius’ Facebook page was deleted within hours of my Nov. 26 story identifying Kiberphant0m as a likely U.S. Army soldier.

Nixon asked to sha…

3 weeks, 3 days ago @ krebsonsecurity.com
Happy 15th Anniversary, KrebsOnSecurity!

Instead, they purchase the item using stolen payment card data and your shipping address.

March featured several investigations into the history of various people-search data broker services.

Radaris repeatedly threatened to sue KrebsOnSecurity unless that publication was retracted in full, alleging that it was replete with errors both factual and malicious.

Fittingly, Radaris now pimps OneRep as a service when consumers request that their personal information be removed from the data broker’s website.

There is zero third-party content on this website, apart from the occasional Youtube video embedded as part of a story.

3 weeks, 4 days ago @ krebsonsecurity.com
Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds.

Silent Push also learned Araneida bundles its service with a robust proxy offering, so that customer scans appear to come from Internet addresses that are randomly selected from a large pool of available traffic relays.

Silent Push said Araneida is being advertised by an eponymous user on multiple cybercrime forums.

“They are constantly bragging with their community about the crimes that are being committed, how it’s making criminals money,” said Zach Edwards, a senior threat researcher at Silent P…

1 month ago @ krebsonsecurity.com
How to Lose a Fortune with Just One Bad Click

At the same time, he received an email that came from a google.com email address, warning his Google account was compromised.

Unbeknownst to him at the time, Google Authenticator by default also makes the same codes available in one’s Google account online.

“I made mistakes due to being so busy and not thinking correctly,” Tony told KrebsOnSecurity.

Comparing notes, they discovered the fake Google security alerts they received just prior to their individual bitcoin thefts referenced the same phony “Google Support Case ID” number.

Daniel told Junseth he and his co-conspirators had just scored a $1.2 million theft that was still pending on the bitcoin investment platform SwanBitcoin.

1 month, 1 week ago @ krebsonsecurity.com
How Cryptocurrency Turns to Cash in Russian Banks

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds.

These platforms are built for Russian speakers, and they each advertise the ability to anonymously swap one form of cryptocurrency for another.

“Purportedly, the purpose of these platforms is for companies to accept cryptocurrency payments in exchange for goods or services,” Sanders told KrebsOnSecurity.

Their inquiry found 422 Richards St. was listed as the registered address for at least 76 foreign currency dealers, eight MSBs, and six cryptocurrency exchanges.

SANCTIONS E…

1 month, 1 week ago @ krebsonsecurity.com
Patch Tuesday, December 2024 Edition

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks.

The security firm Rapid7 notes there have been a series of zero-day elevation of privilege flaws in CLFS over the past few years.

“Ransomware authors who have abused previous CLFS vulnerabilities will be only too pleased to get their hands on a fresh one,” wrote Adam Barnett, lead software engineer at Rapid7.

System admins should keep an eye on AskWoody.com, which usually has the details if any of the Patch Tuesday fixes are causing problems.

In the meantime, if you run into any problems applying this month’s fixe…

1 month, 2 weeks ago @ krebsonsecurity.com
U.S. Offered $10M for Hacker Just Arrested by Russia

The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest.

Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

Love your country, and you will always get away with everything.” Still, Wazawaka may not have always stuck to that rule.

The men were among 14 suspected REvil members rounded up by Russia in the weeks before Russia invaded Ukraine in 2022.

Earlier this year, Russian authorities arrested at least two men for allegedly operating the short-lived Sugarlocker ransomware program in 2021.

1 month, 3 weeks ago @ krebsonsecurity.com
Why Phishers Love New TLDs Like .shop, .top and .xyz

Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG).

The study finds that while .com and .net domains made up approximately half of all domains registered in the past year (more than all of the other TLDs combined) they accounted for just over 40 percent of all cybercrime domains.

Interisle says an almost equal share — 37 percent — of cybercrime domains were registered through new gTLDs.

Levine said adding more TLDs without a much stricter registration policy will likely further expand…

1 month, 3 weeks ago @ krebsonsecurity.com
Hacker in Snowflake Extortions May Be a U.S. Soldier

Kiberphant0m’s identities on cybercrime forums and on Telegram and Discord chat channels have been selling data stolen from customers of the cloud data storage company Snowflake.

After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories for some of the world’s largest corporations.

On BreachForums, Kiberphant0m has sold the source code to “Shi-Bot,” a custom Linux DDoS botnet based on the Mirai malware.

The Vars_Secc telegram handle also has claimed ownership of the BreachForums member “Boxfan,” and Intel 471 shows Boxfan’s early posts on the forum had the Vars_Secc Telegram account in their signature.

Reached via Telegr…

1 month, 4 weeks ago @ krebsonsecurity.com
Feds Charge Five Men in ‘Scattered Spider’ Roundup

The five men, aged 20 to 25, are allegedly members of a hacking conspiracy dubbed “Scattered Spider” and “Oktapus,” which specialized in SMS-based phishing attacks that tricked employees at tech firms into entering their credentials and one-time passcodes at phishing websites.

The phishing kits used for these campaigns featured a hidden Telegram instant message bot that forwarded any submitted credentials in real-time.

Evans, Elbadawy, Osiebo and Urban were all charged with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft.

Buchanan, who is named as an indicted co-conspirator, was charged with conspiracy to commit wire fraud, c…

2 months ago @ krebsonsecurity.com
Fintech Giant Finastra Investigating Data Breach

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned.

On November 8, 2024, Finastra notified financial institution customers that on Nov. 7 its security team detected suspicious activity on Finastra’s internally hosted file transfer platform.

Finastra also told customers that someone had begun selling large volumes of files allegedly stolen from its systems.

“There is no direct impact on customer operations, our customers’ systems, or Finastra’s ability to serve our customers currently,” the notice continued.

However, it did reference many of the same banks called out as Fin…

2 months ago @ krebsonsecurity.com
Graham Cluley
latest post 7 hours ago
Be careful what you say about data leaks in Turkey, new law could mean prison for reporting hacks

7 hours ago @ tripwire.com
Smashing Security podcast #401: Hacks on the high seas, and how your home can be stolen under your nose

An Italian hacker makes the grade and ends up in choppy waters, and hear true stories of title deed transfer scams.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

1 day, 16 hours ago @ grahamcluley.com
Half a million hotel guests at risk after hackers accessed sensitive data

The personal information of almost half a million people is now in the hands of hackers after a security breach of a company used by some of the world's best known hotel brands.

The hackers used the stolen credentials to scoop up data, which included the login information for Otelier's S3 buckets.

The hackers claimed to Bleeping Computer that they had downloaded huge amounts of data, including millions of documents from S3 buckets managed by Otelier that belonged to the Marriott hotel chain.

Marriott and the other famous hotel brands, however, appear to be innocent parties.

You also need to consider how well the data is being secured by the third-parties and…

2 days, 6 hours ago @ bitdefender.com
The AI Fix #34: Fake Brad Pitt and why AI means we will lose our jobs

Meanwhile Graham isn’t tempted by NVIDIA’s $3000 supercomputer, and Mark explains his emergency manoeuvre for avoiding karaoke.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley (@grahamcluley.com, [email protected]) and Mark Stockley (@ai-fix-mark.bsky.social).

Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

F…

2 days, 22 hours ago @ grahamcluley.com
Medusa ransomware: what you need to know


3 days, 3 hours ago @ tripwire.com
No, Brad Pitt isn’t in love with you

While browsing the site, she saw a picture of Hollywood actor Brad Pitt and hit "Like."

Anne received a message from a woman introducing herself as Jane Etta Hillhouse, the mother of William Bradley Pitt - known to the world as Hollywood heartthrob Brad Pitt.

Initially, "Brad Pitt" acted uninterested in Anne's messages, embarrassed that his mother had put them in touch.

Next, Anne received a fake “breaking news” report that Brad Pitt had declared his love for a woman named "Anne."

According to Anne, she wired a total of 830,000 Euros (approximately US $850,000) to the person she believed was Brad Pitt.

1 week ago @ bitdefender.com
UK government proposes ransomware payment ban for public sector

If there was simply no way to unlock its systems and recover its data, what is an organisation supposed to do?

And, unpleasant as it undoubtedly is, it may be a better choice to pay the ransom than not to pay it.

For instance, take the impact on healthcare services when they are hit by a determined ransomware attack.

A ban on ransomware payments may have the very best of intentions – but still have serious and costly unintended consequences.

But currently, the decision whether or not to pay remains in the hands of most companies and individuals in the UK.

1 week, 1 day ago @ exponential-e.com
Smashing Security podcast #400: Hacker games, AI travel surveillance, and 25 years of IoT

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.

Tripwire Enterprise – Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to re…

1 week, 1 day ago @ grahamcluley.com
The AI Fix #33: AI’s deliberate deceptions, and Elon’s “unhinged” mode

In episode 33 of The AI Fix, our hosts watch a robot fall over, ChatGPT demonstrates that it can’t draw a watch face but it can fire a gun, a man without a traffic cone gets trapped in his Waymo taxi, Graham discovers what social robots are, and both hosts watch horrified as somebody rips a robot’s face off.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley (@grahamcluley.com, [email protected]) and Mark Stockley (@ai-fix-mark.bsky.social).

Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts o…

1 week, 3 days ago @ grahamcluley.com
Pastor’s “dream” crypto scheme alleged to be a multi-million dollar scam

Pinillo is alleged to have falsely claimed that his Solano Fi cryptocurrency scheme was risk-free, and promised a 34.9% monthly return.

The indictment further alleges that he implemented a pyramid scheme, encouraging investors to recruit others with promises of additional returns for each new member.

In all, 1515 people are suspected of falling victim to the scam scheme which totalled at least US $5.9 million.

Inevitably, investors in the scheme attempted to withdraw their funds, and Pinillo is alleged to have made a number of excuses (including market volatility and technical issues).

“Cryptocurrency fraudsters often quickly route funds to international accounts, which presents new chall…

1 week, 3 days ago @ bitdefender.com
Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you

He chose to use Kraken, a well-known US-based cryptocurrency exchange, and having made the investment left it alone for two years.

One way in which Art might have better defended himself was by using a password manager.

Password managers like Bitdefender Password Manager offer to enter your sign-in information when it's on a website it recognises.

If Art had been using a password manager, he might have realised it wasn't the real Kraken website when his password manager failed to enter his password for him.

Kraken users can also make it more difficult for hackers to breach their accounts by protecting them with two-factor authentication (2FA).

2 weeks ago @ bitdefender.com
Smashing Security podcast #399: Honey in hot water, and reset your devices

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Get a free demo to see how your organization can reduce data risk and accelerate the adoption of generative AI.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky, Mastodon, or Threads to read more of the exclusive content we post.

2 weeks ago @ grahamcluley.com
Space Bears ransomware: what you need to know


2 weeks ago @ tripwire.com
United Nations aviation agency hacked, recruitment database plundered

The United Nations' aviation agency has confirmed that hackers have compromised its systems, and accessed thousands of records stored in its internal recruitment database.

Furthermore, ICAO emphasised that the hack was limited to its recruitment data, and had not impacted any systems related to aviation safety or security operations.

The aviation agency, which is headquartered in Montreal, says that it is determining who has been impacted by the data breach, and will be notifying affected individuals.

This is not the first time that the UN's aviation agency has suffered at the hands of hackers.

In November 2016, hackers linked to China hacked the ICAO, stealing employee data, and spreading…

2 weeks, 1 day ago @ bitdefender.com
The AI Fix #32: Agentic AI, killer robot fridges, and the robosexual revolution

In episode 32 of The AI Fix, our hosts learn the meaning of “poronkusema”, Mark discovers his dream job, a school tries using AI instead of teachers, the “Godfather of AI” says AI will see us as toddlers, and Graham lifts the lid on the hidden threat of killer robot fridges.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley (@grahamcluley.com, [email protected]) and Mark Stockley (@ai-fix-mark.bsky.social).

Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the …

2 weeks, 2 days ago @ grahamcluley.com
Companies 🏢
Kaspersky Blog
last post 4 hours ago
Removing metadata from photos, videos and other files: why and how | Kaspersky Blog

Let's look at how to remove metadata from photo, video, DOC and PDF files using built-in tools.

Photos and videos. On Windows: in Windows Explorer, right-click the file, choose Properties and go to the Details tab.

Location will be shown only for those photos and videos that were created while location services were enabled.

Windows users can remove metadata from DOC files using Windows Explorer, in the same way as for photos and videos.

Metadata can be removed from PDF files with Windows Explorer in the same way as for photos and videos.

4 hours ago @ kaspersky.ru
CVE-2025-0411 — a vulnerability in 7-Zip | Kaspersky Blog

A vulnerability, CVE-2025-0411, has been found in the popular 7-Zip archiver that lets attackers bypass the Mark-of-the-Web protection mechanism.

The vulnerability was promptly fixed, but since the program has no automatic update mechanism, some users may still be running a vulnerable version.

Attackers have repeatedly been observed trying to strip the MOTW mark in order to mislead users.

CVE-2025-0411 lets attackers craft an archive so that, when it is extracted by 7-Zip, the files do not inherit the MOTW mark.

As a result, an attacker can exploit this vulnerability to run malicious code with the privileges of the …

2 days, 1 hour ago @ kaspersky.ru
How to download, install and update Kaspersky apps for Android | Kaspersky Blog

These apps can also be installed manually from APK files available on our website or in your My Kaspersky account.

In this article we give detailed instructions on how to install Kaspersky on Android in 2025.

You can also install the apps from an APK file downloaded from the official website or from your My Kaspersky account.

To do this, go to the Profile section and tap Let's go! under the Kaspersky Free icon, then choose a subscription (Kaspersky Standard, Kaspersky Plus or Kaspersky Premium) and the number of devices you need to protect, and complete the checkout.

You can also install the Kaspersky app, following the scenario described above, from an alternative store or from an APK …

3 days, 5 hours ago @ kaspersky.ru
New gadget announcements at CES 2025 and their impact on security | Kaspersky Blog

The Consumer Electronics Show does pay some attention to cybersecurity, but, to put it mildly, it is not the first and main item on the agenda.

The Bosch Revol not only rocks the baby automatically, but also keeps it under continuous video and audio surveillance, while using a millimetre-wave radar to monitor the baby's pulse and breathing rate.

But, unlike computers and smartphones, the glasses' data stream will capture the voices, photos and video of everyone around.

BenjiLock: a padlock with biometrics. Now you can lock up your bike or your shed door without memorising codes or multiplying keys.

The device is resistant to moisture and dust and, according to the manufacturer, runs on a single charge for up to …

1 week, 2 days ago @ kaspersky.ru
Hype and confusion around quantum computers in cryptography

In reality the situation is both calmer and more complicated, but that is less interesting for the media to write about.

The company forecast that in 2009 it would be possible to rent a quantum computer for computations via the cloud, using it for risk analysis in insurance, for modelling in chemistry and materials science, and for "government and military needs".

Internet giants. Many large IT companies, including Google and IBM, are interested in (and investing in) quantum computing.

The authors claim that the chip solves one of the key problems of scaling quantum computing: error correction.

Welcome to reality. Leaving aside the mathematical and technical side of the matter, to sum …

1 week, 2 days ago @ kaspersky.ru
Simple tips for protecting against password theft for e-mail, social networks and government services | Kaspersky Blog

But scammers can trick you out of your password for e-mail, government services, banking services or social networks by imitating a well-known service's login form on their own (third-party) site.

Don't fall for it: your e-mail password can be checked only by the e-mail service itself and by no one else!

This is the simplest option, but you need to make sure you are really going to the legitimate site and that there is no mistake in its address.

The figure below shows examples of genuine login pages for various services, on which you can safely enter your username and password for that service.

The scheme works like this: the external service verifies that you are you and confirms this to the site you are logging into.

1 week, 4 days ago @ kaspersky.ru
Legitimate Chrome extensions steal Facebook* passwords

Right after Catholic Christmas, a multi-stage attack on the developers of popular Google Chrome extensions came to light.

Attack on developers: OAuth abuse. To inject trojan functionality into popular Chrome extensions, the criminals devised an original phishing scheme.

This standard procedure takes place on legitimate Google pages; the only difference is that the Privacy Policy Extension application requests the right to publish extensions in the Web Store.

They simply abuse Google's permission delegation system to trick the developer into granting permission to update their extension.

In principle the malicious functions allow data to be stolen from other sites as well, so it is worth …

1 week, 6 days ago @ kaspersky.ru
How vulnerable Ecovacs robot vacuums get hacked | Kaspersky Blog

Vulnerabilities in Ecovacs robot vacuums and lawnmowers. The vulnerabilities found in robot vacuums and autonomous lawnmowers made by Ecovacs first became known in August 2024.

Hacking Ecovacs robot vacuums in real life. Apparently the DEF CON talk attracted noticeable interest in the hacker community.

And it seems that one of them refined the attack on Ecovacs robot vacuums and actually carried out a series of attacks on robots belonging to other people.

After that, its owner looked in the Ecovacs app and saw that someone had started a video stream and remote control.

A third such case was reported from Texas: another Ecovacs robot, late in the evening, …

2 weeks, 1 day ago @ kaspersky.ru
Cyberthreat and trend forecasts for 2025 from Kaspersky experts | Kaspersky Blog

No, our colleagues don't get out crystal balls or tarot decks, and they don't sign up for crash courses to improve their magical abilities.

Their forecasts are based on analysis of the trends and threats from all over the world that we encounter every day.

So we urge particular caution when using AI: after all, in 2024 alone we reported more than once on the threats it poses.

We won't even mention the danger of downloading games from torrents; everything there is already perfectly clear.

Privacy policies such as GDPR (European Union) and CPRA (California, USA) are driving similar reforms in the other US states and in Asia.

2 weeks, 4 days ago @ kaspersky.ru
Trusted Relationship cyberattacks and how to prevent them

Any modern business has dozens or hundreds of suppliers and contractors, who in turn use the services and goods of other suppliers and contractors.

It is very important for business leaders and for security and IT managers to understand the risks associated with supply chain attacks in order to manage those risks effectively.

Benefits of supply chain attacks for criminals. Supply chain attacks have several advantages for the attacker.

We particularly note cases that are formally not a supply chain attack: an attack on key technology providers of a specific industry.

Only by applying preventive measures across the whole organisation and taking a strategic approach to partnerships with …

4 weeks, 1 day ago @ kaspersky.ru
Cybersecurity trends in 2025 | Kaspersky Blog

Do not send personal information to AI.

Given that this data can be stored for a long time, used for further training of the AI and, as a result, leak to third parties, it is better simply not to send it.

Initially deepfakes were used to lure people into financial pyramids or fake charities, but now targeted schemes are in play.

First, the arrest of Telegram founder Pavel Durov raised the question of which intelligence agencies, and on what terms, will get access to Telegram correspondence in the future.

Back up data from your phone and computer to cloud storage, and download data stored in cloud services for local storage.

1 month ago @ kaspersky.ru
BadRAM: an attack using a malicious RAM module

Secure Encrypted Virtualization, like the similar Intel technology known as Trust Domain Extensions, essentially uses a separate processor.

This chip announces the module's presence in the system and passes key parameters to the processor, including, for example, the optimal operating frequency of the memory chips and their capacity.

They took a 32 gigabyte memory module, reflashed the SPD chip and wrote into it a capacity twice as large: 64 gigabytes.

Even in such a "paranoid mode" it is hard to avoid mistakes, as the BadRAM work showed.

Its authors say that the developers of TEE systems rely too much on the difficulty of extracting data from RAM.

1 month ago @ kaspersky.ru
A fraud scheme with a publicly posted seed phrase | Kaspersky Blog

It looked suspicious: it is unlikely that even a newcomer to the crypto world would share their seed phrase with the whole world.

"I'll give you the seed phrase, you help me move my money to another wallet". Let's start with the basics.

And when someone shares their seed phrase, that is, effectively the key to their own wallet, it looks very, very suspicious.

We found identical comments, each containing that very recovery phrase and a request for help transferring money to another platform.

Opening the wallet, he is surprised to find it stuffed with USDT, a TRC20 token on the TRON network pegged to the US dollar.

1 month ago @ kaspersky.ru
Hardware for a SIEM system | Kaspersky Blog

Such an estimate is needed not only to calculate the required hardware but also to estimate the cost of the licence.

And one more important aspect: when choosing a SIEM system, it is important to check exactly how the vendor counts events for licensing.

The core is a mandatory component and can be installed either as a single instance or as a fault-tolerant cluster.

The KUMA SIEM storage system is flexible: it lets you distribute the event stream across several spaces and set a separate retention depth for each space.

Also, processing that many events may require three collector servers, installed in the offices with the highest event flow.

1 month ago @ kaspersky.ru
The best privacy services as a gift | Kaspersky Blog

Only days remain until New Year and Christmas, and overloaded delivery services may be late and fail to bring the right gifts on time.

So an annual subscription to a privacy-enhancing service can be a valuable gift in monetary terms too.

In recent years Microsoft has sought to make up for lost time, building a whole set of controversial features even into offline Office: autosave to OneDrive, "optional connected experiences", "LinkedIn features".

The privacy protection features will be available not only on computers but also on smartphones.

And, of course, Kaspersky Premium also includes the Kaspersky Password Manager, the Kaspersky Who Calls caller ID, and even a year of protection…

1 month ago @ kaspersky.ru
Group-IB Blog
last post None
Cisco Security Blog
last post 2 days, 3 hours ago
Simplifying Zero Trust Security for the Modern Workplace

The upgraded suite is designed to provide comprehensive workplace security and help organizations implement zero trust access.

User Protection Suite capabilities: Cisco’s User Protection Suite includes the key capabilities necessary to protect users and devices.

Zero Trust Access: Ease the transition to ZTNA. Cisco Secure Access allows organizations to adopt Security Service Edge (SSE) with integrated Zero Trust Network Access (ZTNA) and VPN-as-a-service.

ISE assigns tags to these devices, including corporate devices, BYOD, and IoT devices, like cameras and printers.

Learn more: To explore the different tiers of Cisco’s User Protection Suite, check out the User Protection Suite At-A-Glance.

2 days, 3 hours ago @ blogs.cisco.com
Cisco AI Defense: Comprehensive Security for Enterprise AI Adoption

Last year, we published our Cisco AI Readiness Index, which provided critical insights into the state of enterprise AI adoption.

I’m proud to announce Cisco AI Defense, the first truly comprehensive solution for enterprise AI security.

To accomplish this, it comprises four main components: AI Access, AI Cloud Visibility, AI Model & Application Validation, and AI Runtime Protection.

Cisco AI Defense gives security teams comprehensive visibility and control over the rapidly growing threat of shadow AI.

Cisco AI Defense addresses AI risk from beginning to end, giving business and security leaders the confidence to bring AI applications to market.

1 week, 2 days ago @ blogs.cisco.com
Advancing AI Security and Contributing to CISA’s JCDC AI Efforts

A few months ago, I wrote about an AI Security Incident tabletop exercise led by the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC).

CISA used the insights gained from these exercises to develop an AI Security Incident Collaboration Playbook, which serves as a guide for enhancing effective operational collaboration among government agencies, private industry and international stakeholders.

Enables collaboration among the U.S. federal government, private industry, international government counterparts and the AI community to raise awareness of AI cybersecurity risks across critical infrastructure, enhancing the security and resili…

1 week, 3 days ago @ blogs.cisco.com
From Chaos to Clarity: Navigating Threats With Cisco XDR

By providing comprehensive visibility and actionable insights across entire networks, Cisco XDR empowers organizations to detect and respond to threats more effectively and efficiently.

Why Cisco XDR matters: Cisco XDR isn’t just another security tool.

When every second counts, Cisco XDR can automatically respond to identified threats, significantly reducing the time to mitigate security incidents.

From safeguarding critical systems to helping protect sensitive data, Cisco XDR provides a holistic approach to cybersecurity.

Discover how Cisco XDR can address the unique challenges in your industry.

We’d love to hear what you think.

1 week, 3 days ago @ blogs.cisco.com
Strengthening Docker Security: Best Practices for Resilient Containers

However, the rapid proliferation and wide adoption of Docker technology has brought with it a number of serious security vulnerabilities.

The items below enumerate some key approaches towards optimal security in Docker containers.

Key security areas in Docker. Image security: Base images are the foundation of Docker containers, and ensuring their integrity is paramount.

Network security: Without proper network segmentation, attackers who get inside a containerized environment can quickly move laterally, creating a significant security risk.

Docker Security Best Practices: A Holistic Approach to Container Protection. Conclusion: While Docker scales up and deploys just about any application, you can’t …

1 month ago @ blogs.cisco.com
The Impacts of Government Regulations on PQC Product Availability

This blog, the third in a series on post-quantum computing, takes on the important issue of U.S. government regulation and its impact on PQC product availability.

CSfC solutions align with the NSA’s Commercial National Security Algorithm (CNSA) requirements.

However, they cannot be used in certain U.S. government applications until the certification requirements are updated to allow CNSA 2.0 capabilities.

The government is taking action to speed up the creation of new certification requirements for CC and CSfC.


1 month, 1 week ago @ blogs.cisco.com
GenAI to Advanced Microsegmentation: Secure Workload 3.10 Has It All!

The platform for microsegmentation has taken a significant leap forward with the launch of its 3.10 release earlier this month.

Harnessing eBPF: Elevating Secure Workload visibility and efficiency. As part of its commitment to scalability and resilience, the Secure Workload 3.10 release introduces a major innovation by replacing the traditional “libpcap” method with the cutting-edge eBPF technology.

Secure Workload Agent architecture. From task-centric to outcome-centric: Unlocking GenAI with Secure Workload 3.10. The Secure Workload 3.10 release takes a bold step forward by integrating GenAI, transforming the platform from task-focused to outcome-driven.

Secure Workload 3.10 sets the stage for G…

1 month, 1 week ago @ blogs.cisco.com
A New Approach to Network Troubleshooting in the Multicloud World

Figure 1: Observability and network troubleshooting with Isovalent Enterprise, Amazon CloudWatch Network Monitoring and Splunk
The deep integration in practice
Let’s see how the Cisco and AWS integration would work in the real world.

Their network team had sophisticated tools for monitoring on-premises performance but found that they had gaps in their network visibility when traffic moved to the cloud.

When users complained about performance, the network team couldn’t tell if the problem was their application, the AWS network or somewhere in between.

This new solution extends ThousandEyes’ well known path visualization capabilities into the AWS network and also correlates how traffic flow impacts ap…

1 month, 3 weeks ago @ blogs.cisco.com
How Cisco Uses the Isovalent Platform to Secure Cloud Workloads

At Cisco, we have integrated the Isovalent platform into our infrastructure to ensure our cloud workloads are protected without compromising on performance.

The Isovalent platform is based on the eBPF (extended Berkeley Packet Filter) technology that offers a very modern approach to securing cloud-native environments.

Isovalent embeds security at the kernel level to provide identity-based security, network segmentation, and traffic visibility without the overhead that’s usually associated with legacy solutions.

That means Cisco can better protect our workloads and scale with seamless network policy enforcement in our growing cloud infrastructure.

Conclusion: Integrating the Isovalent platform…

1 month, 4 weeks ago @ blogs.cisco.com
The Customer Adoption Journey of Cisco Secure Workload

This blog post explores the customer adoption journey of Cisco Secure Workload, highlighting key stages and best practices for successful implementation.

Evaluation: Exploring Cisco Secure Workload capabilities
Once aware of the need for a comprehensive workload security solution, the next step is evaluating Cisco Secure Workload.

Implementation: Deploying Cisco Secure Workload
After selecting Cisco Secure Workload, the deployment phase begins.

Customer Journey Map to Microsegmentation
Scaling: Expanding workload security across the organization
As businesses grow and their workloads expand, Cisco Secure Workload scales seamlessly.

The customer adoption journey of Cisco Secure Workload is a ste…

2 months ago @ blogs.cisco.com
Cisco Secure Workload: Leading in Segmentation Maturity

Cisco Secure Workload is at the forefront of this shift, offering solutions to help organizations reach segmentation maturity.

Segmentation maturity is about how effectively an organization isolates its critical systems through workload segmentation to prevent lateral movement in case of a breach.

Cisco Secure Workload accelerates an organization’s journey to segmentation maturity, making it an essential component of a zero-trust strategy.

Cisco Secure Workload simplifies compliance by providing detailed visibility and fine-grained control over workload segmentation.

Cisco Secure Workload enables organizations to achieve and sustain segmentation maturity, adapting to their evolving needs.

2 months ago @ blogs.cisco.com
Quantum Cryptography: What’s Coming Next

Incorporating PQC algorithms into transport protocols
To accommodate the new algorithms, it will be necessary to create new, or modify existing, transport protocols.

Making hardware quantum safe will therefore mean updating a variety of hardware components and functions that rely on cryptography.

For example, the Unified Extensible Firmware Interface (UEFI) needs to be adapted so it can handle PQC algorithms and keys.

PQC hardware availability
Cisco has offered quantum-safe hardware since 2013.

New quantum-safe editions of Secure Boot and Cisco Trust Anchor Technologies will be coming out soon, implementing the new NIST PQC standards.

2 months ago @ blogs.cisco.com
Happy Third Birthday to Secure MSP Center

It is hard to believe that this November, we will be celebrating the third anniversary of the launch of Secure MSP Center.

We have come a long way from having MSPs buy single products to offering a streamlined, comprehensive program and dashboard for MSPs through Secure MSP Center and MSP Hub.

We took this feedback to heart and built Secure MSP Center.

You can learn more about the benefits of this dashboard from my previous blog: Up your Quality of Life with Secure MSP Hub and Secure MSP Center.

To learn more visit Secure MSP Center or email us at MSP Sales.

2 months ago @ blogs.cisco.com
Reducing Help Desk Tickets With Cisco’s User Protection Suite

While there are many benefits of help desk tickets, there are also hidden costs.

How to reduce help desk tickets
One way to reduce help desk tickets is to implement technology solutions that make access easy for end users.

And by improving the user experience for remote access, this proactively reduces the creation of help desk tickets.

Impact of User Protection Suite tools
Customers who are using Cisco’s User Protection Suite tools have seen the positive impact on help desk ticket volume and on the burden carried by the IT team.

Overall, help desk tickets are an important tool to enable organizations to operate.

2 months ago @ blogs.cisco.com
Business Leader’s Guide for a Successful Microsegmentation Project

Here’s how to ensure your microsegmentation project is a success, without getting lost in the technical details.

Microsegmentation is a long-term investment in your organization’s security, providing not only protection today but also adaptability for tomorrow’s challenges.

Gathering the ingredients: Preparation is key
A successful microsegmentation project requires more than just your IT or security department — it needs a cross-functional team.

For this initiative to truly work, the project team must include voices from across the organization: IT, security, application owners, key business leaders and project sponsors.

This knowledge, held by teams across the business, is critical to a su…

2 months, 1 week ago @ blogs.cisco.com
Microsoft Security
last post 1 week ago
New Star Blizzard spear-phishing campaign targets WhatsApp accounts

In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group.

Targeting WhatsApp account data
Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, follows the actor’s familiar spear-phishing TTPs: Star Blizzard initiates email contact with its targets to engage them, then sends a second message containing a malicious link.

Star Blizzard initial spear-phishing email with broken QR code
When the recipient responds, Star Blizzard sends …

1 week ago @ microsoft.com
Innovating in line with the European Union’s AI Act

You can consult our EU AI Act documentation on the Microsoft Trust Center to stay up to date.

This includes the EU AI Act.

Our framework for guiding engineering teams building Microsoft AI solutions—the Responsible AI Standard—was drafted with an early version of the EU AI Act in mind.

We expect that several of the secondary regulatory efforts under the EU AI Act will provide additional guidance on model- and system-level documentation.

Tags: AI, AI safety policies, Azure OpenAI Service, EU, European Union, Responsible AI

1 week, 2 days ago @ blogs.microsoft.com
Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

Microsoft Threat Intelligence discovered a new macOS vulnerability that could allow attackers to bypass Apple’s System Integrity Protection (SIP) in macOS by loading third party kernel extensions.

In this blog post, we detail the connection between entitlements and SIP and explain how CVE-2024-44243 could be used to bypass SIP security measures.

Modifying sensitive files on the file system can bypass SIP, for instance, by modifying the list of allowed kernel extensions and then loading that kernel extension.

macOS ships with several such filesystem implementations, each of which appears as a file system bundle (*.fs) under /System/Library/Filesystems or /Library/Filesystems.

Registered …

1 week, 3 days ago @ microsoft.com
3 takeaways from red teaming 100 generative AI products

Microsoft’s AI red team is excited to share our whitepaper, “Lessons from Red Teaming 100 Generative AI Products.”
The AI red team was formed in 2018 to address the growing landscape of AI safety and security risks.

The whitepaper distills eight main lessons learned from our experience red teaming more than 100 generative AI products.


Microsoft AI red team tackles a multitude of scenarios
Over the years, the AI red team has tackled a wide assortment of scenarios that other organizations have likely encountered as well.

Advance your AI red teaming expertise
The “Lessons From Red Teaming 100 Genera…

1 week, 4 days ago @ microsoft.com
Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response

Our proven service brings together in-house security professionals and industry-leading protection with Microsoft Defender XDR to help security teams rapidly stop cyberthreats and keep their environments secure. Frost & Sullivan names Microsoft Defender Experts for XDR a leader in the Frost Radar™ Managed Detection and Response for 2024.

Microsoft Defender Experts for XDR reinforces your security team with Microsoft security professionals to help reduce talent gap concerns.

Microsoft Defender Experts for XDR is a managed extended detection and response service (MXD…

2 weeks, 3 days ago @ microsoft.com
New Microsoft guidance for the CISA Zero Trust Maturity Model

The Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model (ZTMM) assists agencies in developing their Zero Trust strategies and continually evolving their implementation plans.

And now, we are excited to share new Microsoft Guidance for CISA Zero Trust Maturity Model.

We’ll also share the Microsoft Zero Trust platform and relevant solutions that help meet CISA’s Zero Trust requirements, and close with two examples of real-world deployments.

Use this guidance to help meet the goals for ZTMM functions and make progress through maturity stages.

Establishing it as your organization’s Zero Trust identity provider lets you configure, en…

1 month ago @ microsoft.com
Foundry study highlights the benefits of a unified security platform in new e-book

You can read up on the full results in the e-book The unified security platform era is here.


Setting out on your unified security platform journey
Reducing and consolidating security tools around a unified security platform is no small feat, either technologically or culturally.

Moving to a unified security platform is not just about improving defenses, so don’t forget to lend some of your time to maintaining positive employee experiences.

Learn more about the Microsoft unified security operations platform.

1 month ago @ microsoft.com
Microsoft Defender for Cloud named a Leader in Frost Radar™ for CNAPP for the second year in a row!

In the ever-evolving landscape of cloud security, Microsoft continues to assert its dominance with its comprehensive and innovative solutions. The Frost Radar™: Cloud-Native Application Protection Platforms, 2024 report underscores Microsoft’s leadership on both the innovation and the growth index, highlighting several key strengths that set it apart from the competition. Frost and Sullivan states in […]


1 month, 1 week ago @ techcommunity.microsoft.com
Agile Business, agile security: How AI and Zero Trust work together


This means you need a Zero Trust approach to effectively secure AI.

Key strategies to help manage AI security risks
These strategies from the whitepaper illustrate how to manage the risks associated with AI.

Zero Trust and AI: A symbiotic relationship
We have found that there is a symbiotic relationship between Zero Trust and generative AI: AI requires a Zero Trust approach to effectively protect data and AI applications.

The Zero Trust approach to security helps you keep up with continuously changing threats as well as the rapid evolution of technology that AI represents.

1 month, 1 week ago @ microsoft.com
Convincing a billion users to love passkeys: UX design insights from Microsoft to boost adoption and security

To make sure we got our passkey experience right, we adopted a simple methodology: Start small, experiment, then scale like crazy.

Step 3: Scale
As our users began to enroll passkeys at scale, our sign-in experience needed to behave more intelligently to encourage passkey use.

As we redesigned the experience, we followed these guiding principles:
Secure: A great sign-in experience should prioritize security without sacrificing usability.

Learning from our experience
Here are a few suggestions based on our learnings:
Don’t be shy about inviting users to enroll passkeys.

Together, we can convince billions and billions of users to enroll passkeys for trillions of accounts!

1 month, 1 week ago @ microsoft.com
Microsoft Defender XDR demonstrates 100% detection coverage across all cyberattack stages in the 2024 MITRE ATT&CK® Evaluations: Enterprise

Delivering industry-leading detection for a sixth consecutive year
For the sixth year in a row, Microsoft Defender XDR demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE ATT&CK® Evaluations: Enterprise.

Diagram of Microsoft Defender XDR’s MITRE Tactics, Techniques, and Procedures (TTP) coverage for all cyberattack stages in Detection.

Defender XDR accurately alerted on and blocked only malicious activity every time so the SOC can focus their limited time and resources on responding to real cyberthreats at hand.


1 month, 1 week ago @ microsoft.com
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine

This information was encrypted using the same RC4 function and transmitted to the previously referenced Secret Blizzard C2 server at hxxps://citactica[.]com/wp-content/wp-login.php.

Secret Blizzard Actor activity detected
Hunting queries
Microsoft Defender XDR: Surface instances of the Secret Blizzard indicators of compromise file hashes.

Indicator | Description | Actor | Date
…]com/wp-content/wp-login.php (indicator truncated in this excerpt) | C2 domain, Survey Tool and Amadey dropper | Secret Blizzard | April 2024
a56703e72f79b4ec72b97c53fbd8426eb6515e3645cb02e7fc99aaaea515273e | Tavdig payload (rastls.dll) | Secret Blizzard | April 2024
hxxps://icw2016.coachfederation[.]br/wp-includes/fonts/icons/ | Tavdig C2 domain | Secret Blizzard | April 2024
f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd… (row truncated in this excerpt) | | |
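The excerpt says the actor RC4-encrypts survey data before sending it to the C2 and that the hunting query surfaces hits on the published file hashes. As an added example, not code from Microsoft's report or its hunting queries, the Python below implements the RC4 routine so captured traffic can be decoded once the key is recovered from the sample, and sweeps constructed telemetry for the indicators quoted in the table. The published hash and the two defanged C2 URLs are taken from the table; the event field names, the file paths and the two benign hashes are constructed assumptions.

```python
"""RC4 decoding and IOC matching for the Secret Blizzard indicators above.
Added example, not Microsoft's code; the telemetry records are constructed."""
from __future__ import annotations

import hashlib
from typing import Iterable
from urllib.parse import urlparse


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (key scheduling, then PRGA keystream XOR).

    The same call encrypts and decrypts. RC4 is cryptographically broken; it
    is implemented here only to decode traffic that malware encrypted with
    it, never to protect anything.
    """
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def refang(indicator: str) -> str:
    """Undo the hxxp / [.] defanging used in published indicators."""
    return indicator.replace("hxxp", "http").replace("[.]", ".")


# Indicators quoted in the report excerpt above, keyed for lookup.
IOC_SHA256 = {
    "a56703e72f79b4ec72b97c53fbd8426eb6515e3645cb02e7fc99aaaea515273e":
        "Tavdig payload (rastls.dll)",
}
IOC_C2_HOSTS = {
    urlparse(refang("hxxps://citactica[.]com/wp-content/wp-login.php")).hostname:
        "Survey Tool and Amadey dropper C2",
    urlparse(refang("hxxps://icw2016.coachfederation[.]br/wp-includes/fonts/icons/")).hostname:
        "Tavdig C2",
}

# Constructed stand-in for EDR/proxy telemetry (field names and paths assumed).
SAMPLE_EVENTS = [
    {"host": "ws01", "path": r"C:\Users\Public\rastls.dll",
     "sha256": "A56703E72F79B4EC72B97C53FBD8426EB6515E3645CB02E7FC99AAAEA515273E",
     "dest_host": ""},
    {"host": "ws02", "path": r"C:\Windows\System32\svchost.exe",
     "sha256": hashlib.sha256(b"constructed benign file").hexdigest(),
     "dest_host": "citactica.com"},
    {"host": "ws03", "path": r"C:\Windows\notepad.exe",
     "sha256": hashlib.sha256(b"another constructed file").hexdigest(),
     "dest_host": "updates.example.net"},
]


def match_events(events: Iterable[dict]) -> list[dict]:
    """Return the events whose file hash or destination host matches an IOC.

    Hashes are compared case-insensitively. Hosts are matched on the hostname
    alone, so a changed URL path on the same C2 still hits.
    """
    hits = []
    for ev in events:
        sha = ev.get("sha256", "").lower()
        host = (ev.get("dest_host") or "").lower()
        if sha in IOC_SHA256:
            hits.append({**ev, "ioc": IOC_SHA256[sha]})
        elif host in IOC_C2_HOSTS:
            hits.append({**ev, "ioc": IOC_C2_HOSTS[host]})
    return hits


if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS):
        print(hit["host"], hit["path"], "->", hit["ioc"])
```

Hash matching is exact and cheap but brittle (a recompiled payload changes the hash), so pair it with the hostname match and with the behavioural alert the report names.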

1 month, 1 week ago @ microsoft.com
New Microsoft Purview features help protect and govern your data in the era of AI

Today, Microsoft Purview delivers rich data security capabilities through Microsoft Purview Data Loss Prevention, Microsoft Purview Information Protection, and Microsoft Purview Insider Risk Management, enhanced with AI-powered Adaptive Protection.

Microsoft Purview also addresses your data governance needs with the newly reimagined Microsoft Purview Unified Catalog.

Introducing Microsoft Purview Data Security Posture Management
Microsoft Purview Data Security Posture Management (DSPM) provides visibility into data security risks and recommends controls to protect that data.

This integration, currently in preview, includes Microsoft Purview Audit for auditing ChatGPT Enterprise interactions,…

1 month, 2 weeks ago @ microsoft.com
Why security leaders trust Microsoft Sentinel to modernize their SOC

Security information and event management (SIEM) solutions have long served as the indispensable nerve center for the security operations center (SOC).


Learn more about Microsoft Sentinel, and read the Microsoft Sentinel datasheet.


1 month, 2 weeks ago @ microsoft.com
8 years as a Leader in the Gartner® Magic Quadrant™ for Access Management

Delivering on identity and access management for customers
We believe our 2024 Gartner® Magic Quadrant™ recognition validates our commitment to delivering a comprehensive, AI-powered and automated identity portfolio to customers, with Microsoft Entra.

Provide only the access necessary with right-size permissions, access lifecycle management, and least-privilege access for any identity.

You can learn more by reading the full 2024 Gartner® Magic Quadrant™ for Access Management report.

Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact.

Gartner, Magic Quadrant for Access Management, 2 December 2024…

1 month, 2 weeks ago @ microsoft.com
Google Online Security Blog
last post 22 hours ago
Android enhances theft protection with Identity Check and expanded features

This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft.

As part of enabling Identity Check, you can designate one or more trusted locations.

Theft Detection Lock: expanding AI-powered protection to more users
One of the top theft protection features introduced last year was Theft Detection Lock, which uses an on-device AI-powered algorithm to help detect when your phone may be forcibly taken from you.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help …

22 hours ago @ security.googleblog.com
OSV-SCALIBR: A library for Software Composition Analysis

Today, we’re excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning.

We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface.

OSV-Scanner + OSV-SCALIBR
Users looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities using much of the same extraction as OSV-SCALIBR.

Some of OSV-SCALIBR’s capabilities are not yet available in OSV-Scanner, but we’re currently working on integrating OSV-SCALIBR more deeply into O…

1 week ago @ security.googleblog.com
Google Cloud expands vulnerability detection for Artifact Registry using OSV

Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage.

A significant benefit of utilizing Google Cloud Platform is its integrated security tools, including Artifact Analysis.

This integration provides industry-leading insights into open source vulnerabilities—a crucial capability as software supply chain attacks continue to grow in frequency and complexity, impacting organizations reliant on open source software.

Open source vulnerabilities, with more reach
Artifact Analysis pulls vulnerability information directly from OSV, which is the only open source, distributed vulnerability dat…
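The OSV-SCALIBR entry above describes the extraction half of software composition analysis (turning files on disk into a package inventory) and the Artifact Analysis entry describes the matching half (checking that inventory against OSV). As an added example, not code from OSV-SCALIBR, OSV-Scanner or Google Cloud, the Python below does both for one ecosystem: it extracts pinned packages from a requirements.txt and matches them against advisories written in the OSV schema's affected/ranges/events layout. The lockfile, the package names (examplelib, otherlib, thirdlib) and the advisory IDs are constructed and describe no real vulnerability; the version comparison is a plain numeric compare, not a PEP 440 or semver implementation.

```python
"""Minimal SCA pipeline: extract an inventory from a requirements.txt and
match it against advisories in the OSV schema. Added example; not the
OSV-SCALIBR or Artifact Analysis code. Packages and advisories are constructed."""
from __future__ import annotations

import re

# Constructed lockfile content (PyPI ecosystem).
REQUIREMENTS_TXT = """\
# constructed sample, pinned versions only
examplelib==1.4.2
otherlib==2.0.0
thirdlib==0.9
"""

# Constructed advisories in the OSV affected/ranges/events layout. Per the
# schema, "introduced" opens an interval (inclusive), "fixed" closes it
# (exclusive) and "last_affected" closes it (inclusive).
ADVISORIES = [
    {
        "id": "EXAMPLE-2024-0001",  # fictitious identifier
        "summary": "constructed: two affected intervals, fixed in 1.0.1 and 1.5.0",
        "affected": [{
            "package": {"ecosystem": "PyPI", "name": "examplelib"},
            "ranges": [{"type": "ECOSYSTEM", "events": [
                {"introduced": "0"}, {"fixed": "1.0.1"},
                {"introduced": "1.2.0"}, {"fixed": "1.5.0"},
            ]}],
        }],
    },
    {
        "id": "EXAMPLE-2024-0002",  # fictitious identifier
        "summary": "constructed: everything up to and including 1.9.9",
        "affected": [{
            "package": {"ecosystem": "PyPI", "name": "otherlib"},
            "ranges": [{"type": "ECOSYSTEM", "events": [
                {"introduced": "0"}, {"last_affected": "1.9.9"},
            ]}],
        }],
    },
]

_REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.+!-]*)")


def extract_requirements(text: str) -> list[dict]:
    """Extractor: pinned 'name==version' lines become inventory entries.
    Names are normalised as PyPI does (lower-case, '_' -> '-'); unpinned
    specifiers are skipped since they do not identify one installed version."""
    inventory = []
    for line in text.splitlines():
        m = _REQ_LINE.match(line)
        if m:
            inventory.append({"ecosystem": "PyPI",
                              "name": m.group(1).lower().replace("_", "-"),
                              "version": m.group(2)})
    return inventory


def _vtuple(version: str) -> tuple[int, ...]:
    """Numeric dotted-version key; pre-release tags are deliberately ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", version)) or (0,)


def compare(a: str, b: str) -> int:
    ta, tb = _vtuple(a), _vtuple(b)
    n = max(len(ta), len(tb))
    ta, tb = ta + (0,) * (n - len(ta)), tb + (0,) * (n - len(tb))
    return (ta > tb) - (ta < tb)


def is_affected(version: str, events: list[dict]) -> bool:
    """Walk an OSV events list and test whether version falls in any interval."""
    introduced = None
    for ev in events:
        if "introduced" in ev:
            introduced = ev["introduced"]
        elif introduced is not None and "fixed" in ev:
            if compare(version, introduced) >= 0 and compare(version, ev["fixed"]) < 0:
                return True
            introduced = None
        elif introduced is not None and "last_affected" in ev:
            if compare(version, introduced) >= 0 and compare(version, ev["last_affected"]) <= 0:
                return True
            introduced = None
    # An "introduced" with no closing event means affected from there onwards.
    return introduced is not None and compare(version, introduced) >= 0


def scan(inventory: list[dict], advisories: list[dict]) -> list[dict]:
    """Matcher: one finding per (package, advisory) whose range or explicit
    version list contains the installed version."""
    findings = []
    for pkg in inventory:
        for adv in advisories:
            for aff in adv["affected"]:
                p = aff["package"]
                if p["ecosystem"] != pkg["ecosystem"] or p["name"].lower() != pkg["name"]:
                    continue
                explicit = pkg["version"] in aff.get("versions", [])
                ranged = any(r["type"] == "ECOSYSTEM" and is_affected(pkg["version"], r["events"])
                             for r in aff.get("ranges", []))
                if explicit or ranged:
                    findings.append({**pkg, "id": adv["id"], "summary": adv.get("summary", "")})
                    break
    return findings


if __name__ == "__main__":
    for f in scan(extract_requirements(REQUIREMENTS_TXT), ADVISORIES):
        print(f"{f['name']}=={f['version']}: {f['id']} ({f['summary']})")
```

The interval walk is where real scanners differ from naive "version < fixed" checks: an advisory can carry several introduced/fixed pairs, so a version between two affected intervals (1.1.0 here) must not be flagged.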

1 month, 2 weeks ago @ security.googleblog.com
Announcing the launch of Vanir: Open-source Security Patch Validation

Today, we are announcing the availability of Vanir, a new open-source security patch validation tool.

In collaboration with the Google Open Source Security Team, we have incorporated feedback from our early adopters to improve Vanir and make it more useful for security professionals.

These algorithms have low false-alarm rates and can effectively handle broad classes of code changes that might appear in code patch processes.

The Vanir signatures for Android vulnerabilities are published through the Open Source Vulnerabilities (OSV) database.

You can also contribute to Vanir by providing vulnerability data with Vanir signatures to OSV.
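The Vanir entry describes validating that a security patch is present by matching signatures derived from the patch against a target source tree, rather than trusting version metadata. As an added example in that spirit, and not Vanir's own algorithm, signature format or OSV feed, the Python below builds a signature from a vulnerable and a patched revision of a constructed C function and classifies a downstream copy. The C snippets, the function copy_name and the NAME_MAX constant are constructed for the illustration.

```python
"""Signature-based missing-patch check: derive a signature from the vulnerable
and the patched revision of a function, then test a target tree for it.
Added example in the spirit of Vanir, not Vanir's code; the C is constructed."""
from __future__ import annotations

import re

# Constructed "before" revision: copies len bytes with no upper bound.
VULNERABLE_SRC = r"""
int copy_name(char *dst, const char *src, size_t len)
{
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}
"""

# Constructed "after" revision: the fix adds a bound (NAME_MAX is assumed).
PATCHED_SRC = r"""
int copy_name(char *dst, const char *src, size_t len)
{
    if (len >= NAME_MAX)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}
"""

# Constructed downstream copy: same unpatched logic, different formatting.
TARGET_UNPATCHED = r"""
/* vendor fork, reformatted and commented */
int copy_name(char *dst, const char *src, size_t len)
{
	memcpy(dst, src, len);   // no length check here
	dst[len] = '\0';
	return 0;
}
"""


def normalize(src: str) -> list[str]:
    """Drop comments, collapse whitespace and blank lines so formatting
    differences in a fork do not defeat the comparison. Line-based: a fork
    that re-wraps lines or moves braces needs a token-level normaliser."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    src = re.sub(r"//[^\n]*", "", src)
    lines = (re.sub(r"\s+", " ", line).strip() for line in src.splitlines())
    return [line for line in lines if line]


def ngrams(lines: list[str], n: int) -> set[tuple[str, ...]]:
    return {tuple(lines[i:i + n]) for i in range(len(lines) - n + 1)}


def build_signature(vulnerable: str, patched: str, n: int = 3) -> dict:
    """The signature is the set of n-line windows found only in the vulnerable
    revision plus the set found only in the patched one."""
    v, p = ngrams(normalize(vulnerable), n), ngrams(normalize(patched), n)
    return {"n": n, "vulnerable_only": v - p, "patched_only": p - v}


def check_target(target: str, sig: dict) -> str:
    """MISSING: unpatched windows present and none of the fix. PATCHED: the
    reverse. NOT_PRESENT: neither (code absent or rewritten). AMBIGUOUS: both,
    which needs a human look."""
    t = ngrams(normalize(target), sig["n"])
    vuln_hits = bool(t & sig["vulnerable_only"])
    patch_hits = bool(t & sig["patched_only"])
    if vuln_hits and not patch_hits:
        return "MISSING"
    if patch_hits and not vuln_hits:
        return "PATCHED"
    if not vuln_hits and not patch_hits:
        return "NOT_PRESENT"
    return "AMBIGUOUS"


if __name__ == "__main__":
    sig = build_signature(VULNERABLE_SRC, PATCHED_SRC)
    for name, src in [("fork", TARGET_UNPATCHED), ("upstream", PATCHED_SRC)]:
        print(name, check_target(src, sig))
```

Keeping the "patched_only" set alongside the "vulnerable_only" set is what lets the check distinguish a tree that never contained the function from one that contains it unpatched, which is the false-alarm case the entry mentions.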

1 month, 2 weeks ago @ security.googleblog.com
Leveling Up Fuzzing: Finding more vulnerabilities with AI

But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets.

The ideal solution would be to completely automate the manual process of developing a fuzz target end to end:
Drafting an initial fuzz target.

Running the corrected fuzz target for a longer period of time, and triaging any crashes to determine the root cause.

In January 2024, we open sourced the framework that we were building to enable an LLM to generate fuzz targets.

New results: More code coverage and discovered vulnerabilities
We’re now able to automatically gain more coverage in 272 C/C++ projects on OSS-Fuzz (up from 160), …

2 months ago @ security.googleblog.com
Retrofitting Spatial Safety to hundreds of millions of lines of C++

Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade.
Breakdown of memory safety CVEs exploited in the wild by vulnerability class
Google is taking a comprehensive approach to memory safety.

This leads to an exponential decline in memory safety vulnerabilities and quickly improves the overall security posture of a codebase, as demonstrated by our post about Android's journey to memory safety.

We’ve begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs.

This improves spat…

2 months, 1 week ago @ security.googleblog.com
Safer with Google: New intelligent, real-time protections on Android to keep you safe

That’s why we’re using the best of Google AI to identify and stop scams before they can do harm with Scam Detection.

Scam Detection is off by default, and you can decide whether you want to activate it for future calls.


Cutting-edge AI protection, now on more Pixel phones: Gemini Nano, our advanced on-device AI model, powers Scam Detection on Pixel 9 series devices.

We look forward to learning from this beta and your feedback, and we’ll share more about Scam Detection in the months ahead.

2 months, 1 week ago @ security.googleblog.com
5 new protections on Google Messages to help keep you safe

Every day, over a billion people use Google Messages to communicate.

That’s why we’ve made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month.

With end-to-end encrypted RCS conversations, you can communicate privately with other Google Messages RCS users.

We're committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private.

As part of cybersecurity awareness month, we're sharing five new protections to help keep you safe while using Google Messages on Android:

3 months ago @ security.googleblog.com
Safer with Google: Advancing Memory Safety

Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities.

Our Secure by Design commitment emphasizes integrating security considerations, including robust memory safety practices, throughout the entire software development lifecycle.

This post builds upon our previously reported Perspective on Memory Safety, and introduces our strategic approach to memory safety.

By open-sourcing these tools, we've empowered developers worldwide to reduce the likelihood of memory safety vulnerabilities in C and C++ codebases.

Migration to Memory-Safe Languages (MSLs)
The first pillar of our strategy is centered on further increasing the adoption of memory-s…

3 months, 1 week ago @ security.googleblog.com
Bringing new theft protection features to Android users around the world

Situations like Janine’s highlighted the need for a comprehensive solution to phone theft that exceeded existing tools on any platform.

These advanced theft protection features are now available to users around the world through Android 15 and a Google Play Services update (Android 10+ devices).

These theft protection features are just one example of how Android is working to provide real-world protection for everyone.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help center.

3 months, 1 week ago @ security.googleblog.com
Using Chrome's accessibility APIs to find security bugs

If only the whole tree of Chrome UI controls were exposed, somehow, such that we could enumerate and interact with each UI control automatically.

We need to amortize that cost over thousands of test cases by running a batch of them within each browser invocation.

Yet this is tricky, since Chrome UI controls are deeply nested and often anonymous.

This approach has proven to be about 80% as quick as the original ordinal-based mutator, while providing stable test cases.

If you’d like to follow along, keep an eye on our coverage dashboard as it expands to cover UI code.

3 months, 2 weeks ago @ security.googleblog.com
Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems

Most smartphones use cellular baseband processors with tight performance constraints, making security hardening difficult.

The Cellular Baseband
The cellular baseband within a smartphone is responsible for managing the device's connectivity to cellular networks.

The firmware within the cellular baseband, similar to any software, is susceptible to bugs and errors.

For example, 0-day exploits in the cellular baseband are being used to deploy the Predator malware in smartphones.

Pixel's proactive approach to security demonstrates a commitment to protecting its users across the entire software stack.

3 months, 3 weeks ago @ security.googleblog.com
Evaluating Mitigations & Vulnerabilities in Chrome

The Chrome Security Team is constantly striving to make it safer to browse the web.

We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue.

Historically the Chrome Security Team has made major investments and driven the web to be safer.

In the longer-term the Chrome Security Team advocates for operating system improvements like less-capable lightweight processes, less-privileged GPU and NPU containers, improved application isolation, and support for hardware-based isolation, memory safety and flow control enforcement.

Good Bugs and Ba…

3 months, 3 weeks ago @ security.googleblog.com
Eliminating Memory Safety Vulnerabilities at the Source

Memory safety vulnerabilities remain a pervasive threat to software security.

We’ll also share updated data on how the percentage of memory safety vulnerabilities in Android dropped from 76% to 24% over 6 years as development shifted to memory safe languages.

This decision was driven by the increasing cost and complexity of managing memory safety vulnerabilities.

We first reported this decline in 2022, and we continue to see the total number of memory safety vulnerabilities dropping.

As the number of memory safety vulnerabilities has dropped, the overall security risk has dropped along with it.

4 months ago @ security.googleblog.com
Google & Arm - Raising The Bar on GPU Security

Arm Product Security and GPU Teams: Arm has a central product security team that sets the policy and practice across the company.

Working together to secure Android devices: Google’s Android Security teams and Arm have been working together for a long time.

So “application ⇒ kernel ⇒ firmware ⇒ kernel” is a known attack flow in this area.

The Arm Product Security Team is actively involved in security-focused industry communities and collaborates closely with its ecosystem partners.

The Android Red Team and Arm continue to work together to proactively raise the bar on GPU security.

4 months ago @ security.googleblog.com