Aggregator

In this Help Net Security interview, Riaz Lakhani, CISO at Barracuda Networks, discusses the effectiveness of AI-based behavioural analysis in combating sophisticated email threats like BEC and VEC. Lakhani also explains how AI tools help detect malicious email activity and address the limitations of traditional security measures. How effective is AI based behavioural analysis in combating sophisticated email threats like BEC and supply chain VEC, and what are its limitations? Attackers can leverage generative AI … More →

The post Why AI alone can’t protect you from sophisticated email threats appeared first on Help Net Security.

We’re often told to use strong, unique passwords, especially for important accounts like email, banking, and social media. However, managing different passwords for numerous accounts can be challenging. Password managers simplify this by securely storing all your passwords so you don’t have to remember them. In this article, you’ll find a list of free, open-source password managers for Android devices worth checking out. KeyGo KeyGo is a secure, open-source password manager for Android that encrypts … More →

The post Open-source and free Android password managers that prioritize your privacy appeared first on Help Net Security.

A report published by Barracuda Networks warns that sextortion attacks are getting even more personal and payment demands have increased.

The post Barracuda Networks Report Sees Sextortion Becoming More Personalized appeared first on Security Boulevard.

黑客利用 ZIP 文件串联技术以 Windows 计算机为目标，在压缩档案中传递恶意负载，而目前安全解决方案却无法检测到它们。

该技术利用了 ZIP 解析器和存档管理器处理串联 ZIP 文件的不同方法。有安全公司发现了这一新问题，在分析利用虚假发货通知引诱用户的网络钓鱼攻击时，发现了隐藏木马的串联 ZIP 存档。

安全研究人员发现，该附件伪装成 RAR 存档，并且恶意软件利用 AutoIt 脚本语言来自动执行恶意任务。

网络钓鱼电子邮件将特洛伊木马隐藏在串联的 ZIP 文件中

将恶意软件隐藏在“损坏的”ZIP 中

攻击的第一阶段是准备阶段，威胁者创建两个或多个单独的 ZIP 存档，并将恶意负载隐藏在其中一个中，剩下的则保留无害的内容。

接下来，通过将一个文件的二进制数据附加到另一个文件，将其内容合并到一个组合的 ZIP 存档中，将单独的文件连接成一个文件。尽管最终结果显示为一个文件，但它包含多个 ZIP 结构，每个结构都有自己的中心目录和结束标记。

ZIP 文件的内部结构

利用 ZIP 应用程序漏洞

攻击的下一阶段依赖于 ZIP 解析器如何处理串联档案。安全公司测试了 7zip、WinRAR 和 Windows 文件资源管理器，得到了不同的结果：

·7zip 仅读取第一个 ZIP 存档（这可能是良性的），并可能生成有关其他数据的警告，用户可能会错过这些数据

·WinRAR 读取并显示这两个 ZIP 结构，显示所有文件，包括隐藏的恶意负载。

·Windows 文件资源管理器可能无法打开串联文件，或者如果使用 .RAR 扩展名重命名，则可能仅显示第二个 ZIP 存档。

根据应用程序的行为，威胁者可能会微调他们的攻击，例如将恶意软件隐藏在串联的第一个或第二个 ZIP 存档中。 

研究人员在尝试 7Zip 攻击中的恶意存档时还发现，只显示了一个无害的 PDF 文件。不过，使用 Windows 资源管理器打开它会发现恶意可执行文件。

7zip（上）和 Windows 文件资源管理器（下）打开同一文件

为了防御串联的 ZIP 文件，安全研究人员建议用户和企业用户尽可能使用支持递归解包的安全解决方案。一般来说，应谨慎对待附加 ZIP 或其他存档文件类型的电子邮件，并应在关键环境中实施过滤器以阻止相关文件扩展名。

Google’s latest report, conducted in partnership with Hypothesis Group, reveals a stark reality for organizations: incremental security measures are no longer sufficient. The study, involving over 2,000 decision-makers across the US, UK, India, and Brazil, paints a picture of escalating risks, outdated strategies, and a pressing need for transformative change. The status quo is unsustainable Despite high confidence among security leaders (96% feel capable of managing their environments), a gap exists between perception and reality. … More →

The post Google report shows CISOs must embrace change to stay secure appeared first on Help Net Security.