Компания Adobe открыла российским пользователям доступ к скачиванию своего ПО, в том числе Photoshop и Premiere. Эта опция была заблокирована в марте прошлого года. Покупка новых лицензий по-прежнему невозможна, а продлить действующую могут только корпоративные клиенты.
Code hosting platform GitHub on Monday announced the revocation of three digital certificates used for the GitHub Desktop and Atom applications.
The three certificates were stolen on December 6, 2022, after an unauthorized third-party used a compromised Personal Access Token (PAT) for a machine account to clone repositories from Atom, GitHub Desktop, and other deprecated GitHub-owned organizations. GitHub revoked the compromised credentials on December 7.
“After a thorough investigation, we have concluded there was no risk to GitHub.com services as a result of this unauthorized access and no unauthorized changes were made to these projects,” the company says.
According to GitHub, the cloned repositories did not contain customer data, but several encrypted code signing certificates for use via Actions in GitHub Desktop and Atom release workflows were stored in them.
“The certificates were password-protected and we have no evidence of malicious use. As a preventative measure, we will revoke the exposed certificates used for the GitHub Desktop and Atom applications,” GitHub says.
The Microsoft-owned platform explains that the certificate revocation will invalidate some versions of GitHub Desktop for Mac and Atom, but will have no impact on GitHub Desktop for Windows.
Specifically, GitHub Desktop for Mac versions 3.0.2 to 3.1.2 and Atom versions 1.63.0 and 1.63.1 will stop working. GitHub Desktop for Mac users will need to update to the latest release, while Atom users will need to download a previous Atom version (Atom versions 1.63.0-1.63.1 have already been removed from the releases page).
“On Thursday, February 2, 2023, we will revoke the Mac & Windows signing certificates used to sign Desktop app versions 3.0.2-3.1.2 and Atom versions 1.63.0-1.63.1. Once revoked, all versions signed with these certificates will no longer function,” GitHub announced.
Because the stolen certificates do not appear to have been decrypted by the threat actor, they do not pose a risk to the existing GitHub Desktop and Atom installations but, if decrypted, they could allow the attackers to sign unofficial applications and pretend they were released by GitHub.
The impacted certificates include two Digicert certificates for Windows and one Apple Developer ID certificate. One Digicert certificate expired on January 4, while the other will expire on February 1. The Apple Developer ID certificate is valid until 2027.
“On January 4, 2023, we published a new version of the Desktop app. This version is signed with new certificates that were not exposed to the threat actor,” GitHub notes.
Related: Attackers Can Abuse GitHub Codespaces for Malware Delivery
Related: GitHub Introduces Automatic Vulnerability Scanning Feature
Related: GitHub Announces Free Secret Scanning, Mandatory 2FA
The post GitHub Revokes Code Signing Certificates Following Cyberattack appeared first on SecurityWeek.
В открытый доступ выложены ПДн части зарегистрированных пользователей русскоязычной версии сайта AppleInsider. Об этом сегодня, 31 января, сообщил Telegram-канал «Утечки информации».
Яндекс опубликовал результаты внутреннего расследования инцидента с попавшим в открытый доступ программным кодом. Оказалось, что вместе с ним слили данные некоторых партнеров, ошибки в системе часто исправляли “костылями”, а Алиса подслушивала хозяев. Кроме того, SEO-алгоритмы Яндекса очень похожи на Google.
QNAP призывает установить обновления прошивок QTS и QuTS, устраняющие критическую уязвимость. Согласно описанию, эта брешь позволяет атакующим удалённо внедрить вредоносный код на устройствах QNAP NAS.
Представители GitHub заявили, что неизвестным злоумышленникам удалось украсть сертификаты для подписи кода приложений Desktop и Atom. Судя по всему, киберпреступники смогли получить частичный доступ к среде разработки веб-сервиса.
В декабре прошлого года эксперты «Доктор Веб» обнаружили множество новых угроз в Google Play. В частности, были выявлены десятки троянских программ из семейства Android.FakeApp, способных по команде демонстрировать содержимое различных сайтов, в том числе фишинговых.
Антифрод-система WEB ANTIFRAUD включена в реестр российского ПО. Об этом сообщили представители компании Web Antifraud, занимающейся разработкой продукта. Теперь использовать WEB ANTIFRAUD можно в компаниях, где запрещена установка зарубежного софта.
On Friday, January 20, 2023, Google announced it would lay off 12,000 employees. Amazon and Microsoft have laid off a combined 28,000 people; Twitter has reportedly lost 5,200 people; Meta (Facebook, etcetera) is laying off 11,000… This is just the tech giants, and almost all the staff looking for new positions are, by definition, tech-savvy – and some will be cybersecurity professionals.
Layoffs are not limited to the tech giants. Smaller cybersecurity vendor firms are also affected. OneTrust has laid off 950 staff (25% of employees); Sophos has laid off 450 (10%); Lacework (300, 20%); Cybereason (200, 17%); OwnBackup (170, 17%); OneTrust (950, 25%) and the list goes on.
SecurityWeek examined how this layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment in cybersecurity.
The skills gap is a mismatch between the skills available in the workforce, and the skills required by employers. Required skills are continuously evolving with new technology and business transformation. People can learn how to use computers, and many staff currently being laid off will already have done so. But it is far easier to learn how to use computers than it is to learn how computers work. It is in the latter area that the skills gap becomes a talent gap for cybersecurity.
So, the first observation is that current large-scale layoffs may slightly reduce the skills gap at the computer usage level but will likely have little effect on the cybersecurity-specific talent gap where employment requires a knowledge of how computers work. The talent gap is simply too large, and layoffs in these areas are likely to be readily absorbed by new security startups and expanding companies. Many of the companies involved in cybersecurity reductions will almost certainly need to rehire next year or soon after.
Mark Sasson, managing partner and executive recruiter with the Pinpoint Search Group, agrees with this. “Maybe it’s going to be a little easier for organizations to recruit, because you’re getting an influx of experience into the market. However, I don’t think that’s a fix for the talent gap – it’s not going to have a mid to long term discernible impact. There are too few people that have the skills that organizations need today. And so, people are going to get scooped up and we’re still going to have the same situation with the talent gap.”
Cyber threats are still increasing and the demand for cyber defenders is still growing. Criminals are recruiting, not contracting.
Reducing the talent gap in cybersecurity will more likely depend on changing attitudes with employers than adding numbers from those that have been laid off. You could almost say that the cybersecurity talent gap is a self-inflicted wound: employers want experience plus certifications plus new university degrees – which rarely exists in the real world.
Michael Piacente, managing partner and co-founder at Hitch Partners recruitment firm, takes a similar view. “The internal definition on scope and goals often varies greatly resulting in shifts, time delays, and often rendering the position ‘unfillable’,” he told SecurityWeek. “Perhaps it is time to stop focusing so much on resumes and job descriptions. We see these tools as outdated and too often used as a crutch resulting in bad habits, and inconsistent behavior – and they are horribly unfair for under-experienced or diversity candidates.”
He takes this to the extreme and has never supplied resumes with his candidates. “Instead, we build a storyboard about the candidate created as a result of multiple meetings, interactions, and back channels in order to focus on the candidate’s journey, the human character elements as well as their matching and gaps for the particular role.” In short, the talent gap will more likely be reduced by redefining the gap than by seeking to match unrealistic demands to the existing work pool.
Dave Gerry, CEO of Bugcrowd, has a specific recommendation based on diversity candidates. He believes organizations need to be more open to the diversity pool – including neurodiversity (see Harnessing Neurodiversity Within Cybersecurity Teams). “Organizations,” he said, “need to continue to expand their recruiting pool, account for the bias that can currently exist in cyber-recruiting, and provide in-depth training via apprenticeships, internships and on-the-job training, to help create the next generation of cyber-talent.”
However, even if the influx of laid-off experience will have little overall or lasting effect on the macrocosm of the skills gap, it will almost certainly have an immediate effect on recruitment in the microcosm of the cybersecurity talent gap.
Cybersecurity is not immune to the current round of staff trimming – and it includes security leaders as well as security engineers. Ultimately, it’s a cost cutting exercise; and organizations can save as much money by cutting one leader’s position as they can by cutting two engineers. “Organizations are asking themselves if they can survive letting one person go but still get the job done with the remaining team,” explains Sasson. “If the answer is yes or even maybe, they’re tending to let go of the more highly paid and highly skilled people because they think maybe they can do more with less.”
That’s a top-down approach to staff reductions, but the same argument is used in a bottom-up approach. Joseph Thomssen is senior cybersecurity recruiter at NinjaJobs (a community-run job platform developed by information security professionals). “A company that is not security focused may feel like they can rely on their senior employees to pick up lower-level responsibilities,” he said, “and this can be detrimental to a security team.”
The overall result is that we now have laid off cybersecurity engineers looking for new employment, and we have employed cybersecurity leaders looking for alternative and safer positions. “Many of these layoffs in cybersecurity seem to be short-term attempts to save money,” adds Thomssen – but he fears it may backfire on companies reducing their security workforce. Expecting fewer staff to take on more responsibility will likely have a detrimental effect – it may cause burnout. “I call it the layoff/quit combination,” he said.
Piacente also notes the cuts are not simply targeted at weeding out under performing employees. “There are great candidates impacted due to them being in the wrong place at the wrong time; and we are seeing this industry wide.”
Of course, there are many cybersecurity experts who believe this is a false and dangerous approach, and that cybersecurity is a necessity that should be expanded rather than cut. But that is an argument put forward by every business department in times of economic stress.
One effect of the cybersecurity layoffs and the accompanying increase in the number of experienced people seeking employment is that the recruitment market is moving from a candidate market toward a hirer market – just like home buying fluctuates between a buyer and a seller market depending on supply (properties available) and demand (money to buy). For many years, experienced cybersecurity engineers have been able to pick and choose their employer, and demand somewhat inflated salaries and conditions; but that is no longer the case.
This is beginning to be apparent in the salaries offered. “They’re leveling off,” says Sasson, “maybe even going down. But this needs to be taken in the context of pretty dramatic increases from just a few quarters ago, during the candidate-driven market.” Sasson thought at the time that these were unsustainable. But now, “Folks that are looking for those massive compensation packages from just a year ago are going to have to adjust their expectations.”
Sam Del Toro, senior cybersecurity recruiter at Optomi, has seen a similar growing misalignment between compensation expectation and realization – especially in the more senior positions. Because of the layoffs, there are now more mid to senior level candidates looking for new opportunities.
“On the other hand,” he said, “over the past couple of years we have seen cybersecurity compensation rise significantly. Now, as organizations are tightening their budgets and being more fiscally aware, it is making it tough to align candidate and client compensation.”
Thomssen sees another and different effect of the evolving hirer’s market. “I have seen security staff recruitment switch from direct hires to roles based on shorter term project contracts. In the past you would not see security professionals entertain such contracts, but the security staff recruitment landscape has seen a shift that way.”
It’s not clear whether this will develop into a common long term approach to cybersecurity recruitment or will just be a short-term solution to economic uncertainty. Is the gig economy coming to cybersecurity? It’s been growing in many other segments of employment, and perhaps the current economic climate will boost an existing trend just as Covid-19 boosted remote working.
One visible sign might come with an increase in the employment of virtual CISOs (vCISOs). This would retain access to high level expertise while reducing costs. Another might be an increased use of managed security service providers (MSSPs). “We’re seeing more and more security operations outsourced to consultants and contractors, or to vCISOs and Global CISOs, or whatever you’d like to call it,” comments Mika Aalto, co-founder and CEO at Hoxhunt. But he adds, “This can work with smaller companies, but it’s risky. Security should be looked at as a competitive advantage and a growth strategy, not a luxury.”
Piacente’s firm has seen a 20% increase in the new candidate flow. While the primary cause is the economy, the detailed cause is difficult to isolate. Cybersecurity has always experienced rapid churn with staff from all levels regularly moving to a new company for promotion or improved remuneration. This churn continues, but is complicated by employed people just looking around – not because they are being laid off, but just in case they will be laid off.
At the same time, some people who might normally be on the lookout for better opportunities are choosing to keep what they have until more stable conditions return. “One other observation in these cycles,” adds Piacente, “is that candidates who fall into the diversity category tend to be more resistant to making a change. Since there are already significantly less candidates in this category it makes it more difficult for companies to achieve their goals of creating a more diverse organization or program. This is when companies really need to place care, attention, and a dose of reality into their change initiatives.”
Bugcrowd is a firm that has actively sought to recruit from the ‘diversity’ pool. “Employers need to take a more active approach to recruiting from non-traditional backgrounds, which, in turn, significantly expands the candidate pool from just those with formal degrees to individuals, who, with the right training, have incredibly high-potential,” comments Gerry.
It could be expected that with some companies laying off experienced staff and others simply not hiring new staff, breaking into cybersecurity for new, inexperienced or diverse people will become even more difficult. After all, companies reducing staff levels to save money are not likely to spend money on in-house training for new inexperienced staff.
Del Toro doesn’t see it quite like that – it has always been almost impossible. “I do not think that the influx of [experienced] candidates on the market has much of an impact on newcomers finding opportunities because there are simply not enough entry level cybersecurity roles in general,” he said. “Organizations are almost always looking for mid-level candidates and above rather than bringing on competent and excited newbies, because the latter takes much more than fiscal resources.”
It’s difficult to determine the actual number of experienced cybersecurity professionals being laid off among the overall staff reductions, but it is likely to be substantial. Although boards have become more open to the idea that security is a business enabler, there is nevertheless no discernible line between security and profit. There is, however, a direct line between security and cost. It is almost a no-brainer for security to be heavily featured among staff reductions. But this may be bad thinking.
For all layoffs, companies should proceed with caution. When large numbers of staff need to be cut for economic reasons, those same economic reasons may cause it to be done swiftly and perhaps brutally. These suddenly unemployed people will have inside knowledge of the company and its systems; and some will have thoughts of retaliation. At the same time, the company may have reduced the effectiveness of its cybersecurity team to counter a new threat from malicious recent insiders.
“Layoffs are affecting much of the tech industry and cybersecurity isn’t immune,” comments Mike Parkin, senior technical engineer at Vulcan Cyber. “While no department should really be immune when companies have to tighten their belts, the threat from losing skilled personnel in security operations can have a disproportionate effect.”
Overall, we’ve had a candidate market in cybersecurity recruitment but we’re shifting toward an employer market. Del Toro offers this advice for security people laid off and looking for a new position: “I would tell job seekers to be prepared for longer interview processes and longer time before offers are extended. Hiring managers are under more pressure to be diligent so candidates will need to be more cognizant of interview etiquette. Most importantly make sure you are keeping your skills sharp – use your time off to find passion projects and get better at your craft, not only to stay relevant in the security space but to renew your love for what you do!”
Related: Dozens of Cybersecurity Companies Announced Layoffs in Past Year
Related: US Gov Cybersecurity Apprenticeship Sprint: 190 New Programs, 7,000 People Hired
Related: How Will a Recession Affect CISOs?
Related: Four Ways to Close the OT Cybersecurity Talent Gap
The post The Effect of Cybersecurity Layoffs on Cybersecurity Recruitment appeared first on SecurityWeek.
Microsoft устранила баг, из-за которого приложение «Удаленный рабочий стол» (Remote Desktop от Microsoft) зависало при работе с системой Windows 11. Как всегда, причиной бага стали обновления, на этот раз — Windows 11 2022 Update.
“Ростелеком” ведет переговоры по приобретению “МегаФона” у USM Group. На фоне сообщений о возможной покупке растут акции “Ростелекома”. На “Мегафон” есть и другие претенденты, а сам USM уже начал реструктуризацию телекоммуникационных активов.
Исследователи из Horizon3 Attack Team обещают на этой неделе опубликовать эксплойт для цепочки уязвимостей, позволяющий удалённо выполнить код на непропатченных версиях VMware vRealize Log Insight.
Google доработала режим «Инкогнито» в Android-версии браузера Chrome. Теперь вкладки могут автоматически блокироваться, когда вы закрываете Chrome. Для просмотра контента придётся пройти аутентификацию.
В даркнете растут предложения продажи аккаунтов для работы на криптобиржах. Они недорогие и часто используются мошенниками для отмывания средств. Нынешний всплеск предложений связан с ограничениями, введенными криптобиржами против россиян. При этом в механизме остается много рисков.
The Iran-linked advanced persistent threat (APT) actor known as Moses Staff is leaking data stolen from Saudi Arabia government ministries using a recently created online persona.
Also referred to as Cobalt Sapling, Moses Staff has been likely active since November 2020, but its existence was not revealed until September 2021.
A declared anti-Israeli and pro-Palestinian group, the APT has posted on its leaks website 16 activities as of December 2022, mainly consisting of data stolen from Israeli companies, or the personal information of individuals affiliated with an Israeli intelligence unit of the Israel Defense Forces.
The group was previously linked to the use of the PyDCrypt custom loader, the DCSrv cryptographic wiper that encrypts data and displays a bootloader message, the StrifeWater remote access trojan (RAT), and the DriveGuard auxiliary tool deployed to monitor the RAT’s execution.
In November 2022, a seemingly new hacktivist group claiming affiliation to the Hezbollah Ummah Lebanese Shia Islamist political party and militant group announced their existence under the Abraham’s Ax name, but Secureworks believes that this new persona is operated by Cobalt Sapling, the same APT that operates Moses Staff.
Connections between the two groups, the cybersecurity firm says, are plenty, starting with the use of a similar logo, similarities in leak sites (both of which have Tor versions), and the hosting of these sites on the same subnet, nearly adjacent to each other.
Like Moses Staff, Abraham’s Ax uses a biblical figure for their persona, and their claimed affiliation to Hezbollah has yet to be proven, Secureworks says.
As part of their activities, both groups have released videos, often depicting “Hollywood-style hacking involving satellites, CCTV, 3D building models, and fast scrolling through documents allegedly stolen as part of their operations”.
The videos show repetition and evolution of visual themes, with Abraham’s Ax reusing stock video elements from Moses Staff, with additional visual embellishments on top.
To date, Abraham’s Ax has leaked data allegedly stolen from Saudi Arabia’s Ministry of the Interior and a video purportedly depicting an intercepted phone conversation between Saudi Arabian government ministers.
“Rather than attacking Israel directly, Abraham’s Ax attacks government ministries in Saudi Arabia. […] The group may be attacking Saudi Arabia in response to Saudi Arabia’s leadership role in improving relationships between Israel and Arab nations,” Secureworks notes.
The cybersecurity firm also notes that Abraham’s Ax does not appear to replace the Moses Staff persona, which has remained active, claiming in late November the hack of a CCTV system monitoring the site of a terrorist attack in Israel.
“Malware and technical indicators from Abraham’s Ax operations have not been identified. Assuming that both personas are operated by Cobalt Sapling, it is plausible that the threat actors use the same tools and techniques in their intrusions,” Secureworks notes.
Related: UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies
Related: Iranian Hackers Deliver New ‘Fantasy’ Wiper to Diamond Industry via Supply Chain Attack
Related: Religious Minority Persecuted in Iran Targeted With Sophisticated Android Spyware
The post Iranian APT Leaks Data From Saudi Arabia Government Under New Persona appeared first on SecurityWeek.
Компания Lexmark выпустила обновление прошивки, устраняющее опасную уязвимость, которая затрагивает более ста моделей принтеров. В случае эксплуатации эта брешь позволяет выполнить вредоносный код удалённо.
Following the shutdown of the Hive ransomware operation by law enforcement, the US government has reminded the public that a reward of up to $10 million is offered for information on cybercriminals.
Authorities in the United States and Europe announced on Thursday the results of a major law enforcement operation targeting the Hive ransomware. More than a dozen agencies collaborated to take down the Tor-based leak website used by the group and other parts of its infrastructure, including servers located in Los Angeles.
The FBI revealed that Hive’s ‘control panel’ was hacked by agents in July 2022, allowing them to identify targets and obtain decryption keys that allowed victims to recover encrypted files. The FBI and Europol said they prevented the payment of more than $130 million to the cybercriminals.
The Hive ransomware operation was launched in June 2021 and it has since made more than 1,500 victims across roughly 80 countries. It’s believed that administrators and affiliates made approximately $100 million from ransom payments.
Authorities continue to investigate Hive in an effort to identify the threat actors involved in the operation, including developers, administrators and affiliates.
After the operation against Hive was announced on Thursday, the US State Department reiterated that it’s prepared to pay up to $10 million for information on the identity or location of foreign state-sponsored threat actors that have targeted critical infrastructure. This includes individuals linked to Hive.
At least some of the people involved in the Hive ransomware operation are believed to be Russian speakers. However, during a press conference announcing the law enforcement operation against Hive on Thursday, US officials refused to comment on potential ties to Russia, citing the ongoing investigation.
The US government previously reiterated its $10 million reward offer for leaders of the Conti ransomware operation, North Korean hackers, Russian intelligence officers, and DarkSide ransomware operators.
Related: US Government Shares Photo of Alleged Conti Ransomware Associate
Related: US Offers $10 Million Reward Against Election Interference
The post US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware appeared first on SecurityWeek.
В открытый доступ выложили исходные коды, предположительно, сервиса инвестиций на фондовом и валютном рынке — “Газпромбанк Инвестиции”. В файлах есть и персональные данные. Выгрузку опубликовали на том же форуме, куда накануне “слили” исходный код “Яндекса”.
Код демонстрационного эксплойта (proof-of-concept, PoC) для критической уязвимости в Windows CryptoAPI уже лежит в Сети. С его помощью злоумышленники могут провести спуфинг сертификата.
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are warning organizations of malicious attacks using legitimate remote monitoring and management (RMM) software.
IT service providers use RMM applications to remotely manage their clients’ networks and endpoints, but threat actors are abusing these tools to gain unauthorized access to victim environments and perform nefarious activities.
In malicious campaigns observed in 2022, threat actors sent phishing emails to deploy legitimate RMM software such as ConnectWise Control (previously ScreenConnect) and AnyDesk on victims’ systems, and abuse these for financial gain.
The observed attacks focused on stealing money from bank accounts, but CISA, NSA, and MS-ISAC warn that the attackers could abuse RMM tools as backdoors to victim networks and could sell the obtained persistent access to other cybercriminals or to advanced persistent threat (APT) actors.
Last year, multiple federal civilian executive branch (FCEB) employees were targeted with help desk-themed phishing emails, both via personal and government email addresses.
Links included in these messages directed the victims to a first-stage malicious domain, which automatically triggered the download of an executable designed to connect to a second-stage domain and download RMM software from it, as portable executables that would connect to attacker-controlled servers.
“Using portable executables of RMM software provides a way for actors to establish local user access without the need for administrative privilege and full software installation—effectively bypassing common software controls and risk management assumptions,” the US government agencies warn.
In some cases, the email’s recipient was prompted to call the attackers, who then attempted to convince them to visit the malicious domain.
In October 2022, Silent Push uncovered similar malicious typosquatting activity, in which the adversaries impersonated brands such as Amazon, Geek Squad, McAfee, Microsoft, Norton, and PayPal to distribute the remote monitoring tool WinDesk.Client.exe.
In the attacks targeting federal agencies, the threat actors used the RMM tools to connect to the recipient’s system, then entice them to log into their bank account.
The attackers used the unauthorized access to modify the victim’s bank account summary to show that a large amount of money had been mistakenly refunded, instructing the individual to send the amount back to the scam operator.
“Although this specific activity appears to be financially motivated and targets individuals, the access could lead to additional malicious activity against the recipient’s organization—from both other cybercriminals and APT actors,” CISA, NSA, and MS-ISAC note.
The agencies underline that any legitimate RMM software could be abused for nefarious purposes, that the use of portable executables allows attackers to bypass existing policies and protections, that antivirus defenses would not be typically triggered by legitimate software, and that RMM tools provide attackers with persistent backdoor access to an environment, without the use of custom malware.
CISA, NSA, and MS-ISAC also warn that the legitimate users of RMM software, such as managed service providers (MSPs) and IT help desks, are often targeted by cybercriminals looking to gain access to a large number of the victim MSP’s customers, which could lead to cyberespionage or to the deployment of ransomware and other types of malware.
To stay protected, organizations are advised to implement phishing protections, audit remote access tools, review logs to identify the abnormal use of RMM software, use security software to detect the in-memory execution of RMM software, implementing proper application control policies, restrict the use of RMM software from within the local network, and train employees on phishing.
Related: CISA Updates Infrastructure Resilience Planning Framework
Related: NSA, CISA Explain How Threat Actors Plan and Execute Attacks on ICS/OT
Related: NSA Publishes Best Practices for Improving Network Defenses
The post US Government Agencies Warn of Malicious Use of Remote Management Software appeared first on SecurityWeek.
Tens of cybersecurity companies have announced cutting staff over the past year as part of reorganization strategies, in many cases triggered by the global economic slowdown.
One of the most recent announcements was made by Sophos, which in mid-January confirmed reports that it’s laying off 10% of its global workforce. Roughly 450 people have reportedly lost their job as the company shifts focus to cybersecurity services, including managed detection and response.
At around the same time, identity verification company Jumio also confirmed laying off roughly 100 people.
In May 2022, cloud security company Lacework announced terminating 300 jobs, representing roughly 20% of its workforce.
Another company that laid off a significant portion of its workforce last year is OneTrust, which provides privacy, security, and data governance technology. Nearly 1,000 employees were let go, roughly a quarter of the firm’s workforce.
IronNet, the cybersecurity firm founded by former NSA director Keith Alexander, fired 17% of staff in June and another 35% in September due to significant problems.
In the fall, Cybereason announced plans to reduce its staff by 17%, just months after cutting 10% of its workforce. In total, the company fired approximately 300 employees.
Cloud security firm Aqua Security has laid off 10% of its workforce, and Malwarebytes terminated 14% of its staff (around 125 people). Gen Digital, created through the merger of antivirus companies Avast and NortonLifeLock, let go of a quarter of employees, in some cases due to their activities overlapping with the other company’s workers.
In October, developer security company Snyk — recently valued at $7.4 billion — announced that it had started restructuring and reducing its global workforce, impacting 198 employees, or 14% of its total workforce.
The same month, security and application delivery solutions provider F5 announced cutting approximately 100 roles, representing 1% of its global workforce.
Enterprise security solutions provider Forescout Technologies has reportedly laid off 100 of 170 employees at its R&D center in Israel, after firing 100 other employees in October.
The companies that sacked employees cited market conditions, strategic reorganization and shifting priorities when motivating their decision.
Data from Layoffs.fyi shows that tens of cybersecurity firms terminated staff over the past year. The list includes Tripwire, Deep Instinct, Pipl, Transmit Security, Tufin, Checkmarx, Varonis, Perimeter 81, and Armis.
On the other hand, many of those who have been terminated may not have any difficulties securing a job at a different company.
According to a study conducted by the nonprofit (ISC)², the global cybersecurity workforce is at an all-time high, with an estimated 4.7 million professionals. However, the study found that an additional 3.4 million cybersecurity workers are needed, with 70% of the 11,000 cybersecurity professionals who took part in a survey conducted by the nonprofit saying that their organization does not have enough cybersecurity employees.
Related: How a VC Chooses Which Cybersecurity Startups to Fund in Challenging Times
Related: Predictions 2023: Big Tech’s Coming Security Shopping Spree
Related: Cybersecurity Workforce Study Needs to be Taken with a Pinch of Salt
The post Tens of Cybersecurity Companies Announced Layoffs in Past Year appeared first on SecurityWeek.
Рекрутинговые порталы отмечают рост числа вакансий для ИТ-специалистов. Он начался в ноябре 2022 года, когда у бизнеса появилась определенность с проектами на новый год, и усилился в январе на фоне инициатив властей запретить работать из-за границы.
25 января команда AM Live провела очередной стрим с участием экспертов российского инфобеза по защите от DDoS. В ходе дискуссии были проанализированы опыт защиты от DDoS-атак в «боевых» условиях 2022 года, даны рекомендации по организации эффективной защиты для критически важных веб-приложений. Эксперты высказали мнение о перспективах развития DDoS-атак против российских компаний на 2023 год.
Киберпреступники выставили на продажу якобы исходный код античит-софта для игр League of Legends и Packman. По словам самих злоумышленников, скомпрометированный код удалось добыть в ходе недавней атаки на разработчика — Riot Game.
Киберпреступники эксплуатируют опасную уязвимость в Realtek Jungle SDK, позволяющую выполнить вредоносный код удалённо. Всего специалисты насчитали 134 миллиона атак, в ходе которых злоумышленники пытались заразить умные устройства.
Forward Networks, a company that specializes in security and reliability solutions for large enterprise networks, has raised $50 million in a Series D funding round.
The funding round, which brings the total invested in the company to more than $110 million, was led by MSD Partners, with participation from Section 32, Omega Venture Partners, Goldman Sachs Asset Management, Threshold Ventures, A. Capital and Andreessen Horowitz.
Forward Networks’ product creates a digital twin of the customer’s network, helping them gain insights that can be used to make better decisions and improve their network’s security, compliance and health. The platform supports AWS, Google Cloud Platform, and Microsoft Azure.
For network security, the company’s platform provides attack surface management, vulnerability management and security posture management capabilities.
Forward Networks claims to have quadrupled its customer base since 2019 and achieved an ARR growth of 139% from 2021 to 2022.
Related: Network Security Company Corsa Security Raises $10 Million
Related: Whistic Raises $35 Million in Series B Funding for Vendor Security Network
Related: Network Security Firm Portnox Raises $22 Million in Series A Funding
Related: Zero Trust Network Access Provider Banyan Security Raises $30 Million
The post Forward Networks Raises $50 Million in Series D Funding appeared first on SecurityWeek.
Video games developer Riot Games on Tuesday confirmed that source code was stolen from its development systems during a ransomware attack last week.
The incident was initially disclosed on January 20, when the company announced that systems in its development environment had been compromised and that the attack impacted its ability to release content.
“Earlier this week, systems in our development environment were compromised via a social engineering attack. We don’t have all the answers right now, but we wanted to communicate early and let you know there is no indication that player data or personal information was obtained,” the company announced last week.
On January 24, Riot Games revealed that ransomware was used in the attack and that source code for several games was stolen.
“Over the weekend, our analysis confirmed source code for League, TFT, and a legacy anticheat platform were exfiltrated by the attackers,” the games developer said.
The company reiterated that, while the development environment was disrupted, no player data or personal information was compromised in the attack.
The stolen source code, which also includes some experimental features, will likely lead to new cheats emerging, the company said.
“Our security teams and globally recognized external consultants continue to evaluate the attack and audit our systems. We’ve also notified law enforcement and are in active cooperation with them as they investigate the attack and the group behind it,” Riot Games added.
The game developer also revealed that it received a ransom demand, but noted that it has no intention to pay the attackers. The company has promised to publish a detailed report of the incident.
According to Motherboard, the attackers wrote in the ransom note that they were able to steal the anti-cheat source code and game code for League of Legends and for the usermode anti-cheat Packman. The attackers are demanding $10 million in return for not sharing the code publicly.
Related: Ransomware Revenue Plunged in 2022 as More Victims Refuse to Pay Up: Report
Related: Ransomware Attack on DNV Ship Management Software Impacts 1,000 Vessels
Related: The Guardian Confirms Personal Information Compromised in Ransomware Attack
The post Riot Games Says Source Code Stolen in Ransomware Attack appeared first on SecurityWeek.
Компания «Гарда Технологии» сообщила о получении сертификата ФСТЭК России для DLP-системы «Гарда Предприятие» и системы защиты баз данных «Гарда БД». Теперь обе системы официально соответствуют требованиям безопасности информации по 4 уровню доверия.
Следственный Комитет проверит госконтракт на поставку МВД устройств, взламывающих смартфоны. Поставщик прислал силовикам некачественное оборудование. Теперь его подозревают в мошенничестве на 26 млн руб.
Microsoft признала наличие проблемы, из-за которой меню «Пуск» перестаёт реагировать на действия пользователя, а отдельные приложение просто отказываются запускаться. Баг затрагивает клиентские версии ОС: Windows 10 20H2, 21H2, 22H2 и Windows 11 22H2.
Android 14 будет блокировать установку ряда приложений, предназначенных для устаревших версий мобильной ОС. С помощью такого нововведения Google хочет снизить риски установки потенциально опасных или вредоносных программ.
В открытый доступ попал второй фрагмент базы данных с клиентами, предположительно, “Почты России”. Первый дамп выложили в декабре в связке с Госуслугами. Файлы содержат ФИО, паспортные данные, СНИЛС и ИНН.
Microsoft says it is making a “multiyear, multibillion dollar investment” in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools that can write readable text and generate new images.
The tech giant on Monday described its new agreement as the third stage of a growing partnership with San Francisco-based OpenAI that began with a $1 billion investment in 2019. It didn’t disclose the dollar amount for its latest investment.
The partnership positions Microsoft to sharpen its competition with Google in commercializing new AI breakthroughs that could transform numerous professions, as well as the internet search business.
OpenAI’s free writing tool ChatGPT launched on Nov. 30 and has brought public attention to the possibilities of new advances in AI.
It’s part of a new generation of machine-learning systems that can converse, generate readable text on demand and produce novel images and video based on what they’ve learned from a vast database of digital books, online writings and other media.
Microsoft’s partnership enables it to capitalize on OpenAI’s technology. Microsoft’s supercomputers are helping to power the startup’s energy-hungry AI systems, while the Redmond, Washington-based tech giant will be able to further integrate OpenAI technology into Microsoft products.
“In this next phase of our partnership,” customers who use Microsoft’s Azure cloud computing platform will have access to new AI tools to build and run their applications, said a statement from Microsoft CEO Satya Nadella.
“There’s lots of ways that the models that OpenAI is building would be really appealing for Microsoft’s set of offerings,” said Rowan Curran, an analyst at market research firm Forrester. That could include helping to generate text and images for new slide presentations, or creating smarter word processors, Curran said.
The technology could also help Microsoft’s own search engine, Bing, compete with Google in answering search queries with more complete answers instead of just links.
OpenAI started out as a nonprofit artificial intelligence research company when it launched in December 2015. With Tesla CEO Elon Musk as its co-chair and among its early investors, the organization’s stated aims were to “advance digital intelligence in the way that is most likely to benefit humanity as a whole, unconstrained by a need to generate financial return.”
That changed in 2018 when it incorporated a for-profit business Open AI LP, and shifted nearly all its staff into the business, not long after releasing its first generation of the GPT model for generating human-like paragraphs of readable text. Musk also left its board in 2018.
OpenAI said in its statement announcing the deal Monday that it will still be governed by its nonprofit arm and that it remains a “capped-profit” company, though it didn’t specify what limits it sets on its profits.
“This structure allows us to raise the capital we need to fulfill our mission without sacrificing our core beliefs about broadly sharing benefits and the need to prioritize safety,” it said.
OpenAI’s other products include the image-generator DALL-E, first released in 2021, the computer programming assistant Codex and the speech recognition tool Whisper.
The investment announcement came a day before Microsoft was scheduled to report its earnings from the October-December financial quarter and after disclosing last week its plans to lay off 10,000 employees, close to 5% of its global workforce.
The post Microsoft Invests Billions in ChatGPT-Maker OpenAI appeared first on SecurityWeek.
ФСТЭК России предложил распространить требования к информбезопасности для госсектора на коммерческие компании, организующие защиту государственных данных. Для этого регулятор подготовил проект указа президента. Таких игроков на рынке много.
Several vulnerabilities described as having critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText’s enterprise content management (ECM) product.
The vulnerabilities were discovered by a researcher at cybersecurity consultancy Sec Consult in OpenText’s Extended ECM, which is designed for managing the distribution and use of information across an organization. Specifically, the flaws impact the product’s Content Server component.
The security firm this week published three different advisories describing its findings.
OpenText was informed about the vulnerabilities in October 2022 and patched them earlier this month with the release of version 22.4, according to Sec Consult.
One of the critical vulnerabilities, tracked as CVE-2022-45923, can allow an unauthenticated attacker to execute arbitrary code using specially crafted requests.
The second critical flaw, CVE-2022-45927, impacts the Java Frontend of the OpenText Content Server component and can allow an attacker to bypass authentication. Exploitation could ultimately lead to remote code execution.
Sec Consult has also identified five types of vulnerabilities in the Content Server component that can be exploited by authenticated attackers.
These issues, rated ‘high impact’, can be exploited to delete arbitrary files on the server, escalate privileges, obtain potentially valuable information, launch server-side request forgery (SSRF) attacks, and execute arbitrary code.
Proof-of-concept (PoC) code is available for the high-impact issues, but the advisories describing the critical flaws do not include PoC code in an effort to prevent malicious exploitation.
Related: Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms
Related: InfiRay Thermal Camera Flaws Can Allow Hackers to Tamper With Industrial Processes
Related: OpenText Acquires Email Security Firm Zix for $860 Million
The post Critical Vulnerabilities Patched in OpenText Enterprise Content Management System appeared first on SecurityWeek.
Apple не оставила без внимания старенькие модели мобильных устройств iPhone и iPad, выпустив для них патчи, закрывающие уязвимость нулевого дня (0-day). Поскольку брешь уже эксплуатируется в атаках, всем владельцам устаревших iPhone и iPad настоятельно рекомендуется установить обновления.
Кибергруппировка NoName057(16), на участниках которой принято ставить штамп «русские хакеры», сообщила о DDoS-атаке на чешскую компанию Avast Software, занимающуюся разработкой одноимённого популярного антивируса.
Будьте бдительны: киберпреступники теперь используют вложения в формате OneNote при рассылке фишинговых писем. Задача злоумышленников в рамках этой кампании — установить вредоносную программу, открывающую доступ к устройству.
ИТ-интегратор “Группа Т1” готовится приобрести долю в одной из российских компаний, работающих в сегменте кибербезопасности. Развитие в этом направлении обсуждалось еще с 2021 года, когда холдинг входил в группу ВТБ. Сейчас рассматривают инвестиции в Positive Technologies и InfoWatch.
Разработчик видеоигр Riot Games, занимающийся такими популярными проектами, как League of Legends и Valorant, сообщил о задержке патчей. Причиной изменений в графике стал взлом среды разработки, который произошёл на прошлой неделе.
В Сети появился эксплойт для уязвимостей в официальном магазине приложений Samsung Galaxy App Store. С его помощью злоумышленники могут установить любое приложение без согласия пользователя, а также перенаправить его на вредоносный сайт.
В версии видеоигры GTA V для персональных компьютеров нашлась опасная уязвимость, которую в настоящее время уже эксплуатируют киберпреступники. Судя по всему, эксплойт позволяет выполнить вредоносный код удалённо и модифицировать файлы на целевом устройстве.
FBI Director Christopher Wray said Thursday that he was “deeply concerned” about the Chinese government’s artificial intelligence program, asserting that it was “not constrained by the rule of law.”
Cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands, according to data from Chainalysis.
Тинькофф открыл публичную программу по поиску ошибок и уязвимостей на BI.ZONE Bug Bounty. “Белые хакеры” будут искать пробелы в безопасности на сайтах и в мобильных приложениях банка. Багхантеры могут отказаться от вознаграждения в пользу благотворительных фондов.
Drupal this week announced software updates that resolve a total of four vulnerabilities in Drupal core and three plugins, and which could lead to unauthorized access to data.
Больше всего в прошлом году подорожала стоимость нелегального сбора информации в операторах связи — рост 60%. Черные услуги “пробива” в банковских и госсистемах остались на уровне 2021 года. В целом рынок незаконного сбора информации прибавил в 2022 году почти четверть.
Авторы банковских троянов BlackRock и ERMAC для Android создали новый вредонос, также заточенный под атаки на владельцев мобильных устройств. Зловред, получивший имя Hook, оснащён интересными возможностями, позволяющими получить доступ к хранящимся на девайсе файлам и удалённо контролировать смартфон жертвы.
Wireless carrier T-Mobile on Thursday fessed up to another massive data breach affecting approximately 37 million current postpaid and prepaid customer accounts.
Специалисты французской ИБ-компании Synacktiv обнаружили в sudo возможность обхода политик sudoers при использовании опции –e (команды sudoedit), безопасно запускающей редактор. Уязвимость грозит несанкционированным изменением важных файлов и позволяет локально повысить привилегии до суперпользователя.
Cisco on Wednesday announced patches for a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).
The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami on Wednesday, along with five associates in Europe, during an international operation against "darknet" markets.
A cross-site request forgery (CSRF) vulnerability impacting the source control management (SCM) service Kudu could be exploited to achieve remote code execution (RCE) in multiple Azure services, cloud infrastructure security firm Ermetic has discovered.
Sophos has confirmed reports that it’s laying off employees. The company joins several other major cybersecurity companies that have announced cutting staff over the past year.
МТС выпускает собственное решение для управления сетевой инфраструктурой. Облачный провайдер #CloudMTS предлагает SD-WAN “под ключ”. Решение простое в использовании, установить и работать с ним может рядовой сотрудник. Партнером по разработке стал “Бизон”.
Microsoft признала наличие очередного бага, затрагивающего приложения в Windows 11. Согласно сообщениям, после восстановления системы софт не запускается или сбоит, выдавая пользователю ошибки.
Почтовый сервис MailChimp в очередной раз стал жертвой взлома, в ходе которого киберпреступникам удалось утащить ряд данных около 133 клиентов. Судя по всему, злоумышленники получили доступ к инструменту для управления аккаунтами.
От имени Роскомнадзора рассылают фишинговые сообщения. Фейковые тексты содержат требования удалить запрещенную информацию или уведомления о блокировке. В письмах нет электронной подписи, зато содержится зараженное вложение.
В маршрутизаторах Netcomm и TP-Link обнаружились уязвимости, эксплуатация которых может привести к удалённому выполнению кода. Среди брешей есть классическое переполнение буфера, обход аутентификации и возможность раскрытия информации.
Oracle on Tuesday announced the release of its first Critical Patch Update for 2023, which includes 327 new security patches. More than 70 fixes address critical-severity vulnerabilities.
Over 200 of the patches resolve security defects that can be exploited remotely without authentication. Some of the resolved bugs impact multiple products.
Атака на видеохостинг Rutube готовилась задолго до спецоперации, заявил глава “Газпром-медиа” Александр Жаров. По его словам, похожую стратегию использовали хакеры, пытавшиеся уничтожить мирную атомную программу Ирана.
В декабре Главный радиочастотный центр Роскомнадзора запустил единую платформу верификации телефонных вызовов (ЕПВВ) “Антифрод”. Она нужна для борьбы с телефонными мошенниками. Сейчас к системе подключена “большая тройка”, ждут остальных.
Код демонстрационного эксплойта (proof-of-concept, PoC) для критической уязвимости в ряде продуктов Zoho ManageEngine обещают опубликовать на этой неделе. Этот PoC позволяет удалённо выполнить код в обход аутентификации.
Исследователи из Fortinet обнаружили на сайте PyPi[.]org вредоносные пакеты colorslib, httpslib и libhttps, опубликованные под аккаунтом Lolip0p. До удаления из репозитория три модуля успели суммарно собрать более 550 загрузок.
Avast and Bitdefender have released decryptors to help victims of BianLian and MegaCortex ransomware recover their data for free.
Written in Golang, BianLian emerged in August 2022 and has been used in targeted attacks against entertainment, healthcare, media, and manufacturing organizations.
В прошлом году кибератаки заставили задуматься о безопасности даже самых беспечных. Поэтому Positive Technologies решила сделать двенадцатый форум по информационной безопасности Positive Hack Days еще более открытым и масштабным: он пройдет в Центральном парке культуры и отдыха им. М. Горького в Москве 19 и 20 мая 2023 года.
Рустэм Хайретдинов займет пост заместителя генерального директора в компании “Гарда Технологии”. Авторитетный эксперт в сфере информационной безопасности будет отвечать за реализацию стратегии роста бизнеса компании.
Программы-вымогатели останутся главной кибербедой бизнеса в 2023 году. Свой аналитический отчет публикует Group-IB. Будут расти продажи доступов ко взломанным корпоративным сетям, а стилеры станут главным источником доступов в компанию.
Более 290 материнских плат от MSI по умолчанию содержат небезопасную настройку UEFI Secure Boot, позволяющую загружать образ операционной системы с некорректной или отсутствующей подписью.
