Password managers aren't foolproof, but they do help mitigate risks from weak credentials and password reuse. Following best practices can contribute to a company's defenses.

Over the past few months, several leading password managers have been victims of hacking and data breaches. For instance, LastPass, which experienced a massive breach last year, recently announced again that the company's password vault has been stolen. And thanks to the bad practice of reusing passwords too often, Norton LifeLock also reported compromises to its password manager.

Why are password managers so attractive to cybercriminals? It's simple. Password managers hold the "keys to the castle." If a password manager gets compromised, attackers gain access to all stored passwords at once, which means they can walk into any secured environment or impersonate any user, circumventing all cybersecurity defenses. The market for password managers is growing rapidly, and attackers will target anything that can get more bang for their buck.

**Attractive Targets**

Some of the most common ways password managers are being hacked include:

**1\. Malware-Targeting Password Managers**

Malware programs have been targeting password managers for the last several years. In 2014, malware called Citadel, designed to target password managers, became notorious for having compromised one in 500 PCs worldwide. However, back then, only a small number of users used a password manager. Today, the average person needs to remember upward of 100 passwords, which is why the market for password managers and the malware market for targeting them are both growing.

For example, the attack on the Solana blockchain last year that resulted in a $7 million heist was caused by malware that targeted crypto wallets and password managers called Luca Stealer; another Trojan, dubbed StealC, specifically targets browser extensions and authenticators by password managers; password stealers targeting Web browsers have also been around for decades.

**2\. Phishing Attacks Against Password Managers**

Phishing attacks targeting password managers are on the rise. For example, in January 2023, researchers came across Google Ads that were redirecting victims to fake Bitwarden and 1Password pages, trying to steal their master credentials. What's more, customers of password managers such as LastPass, who have already had their credentials exposed in an earlier data leak, are at an increased risk of scams and phishing attacks. Attackers know their email addresses, phone numbers, and the online services they use, and therefore they can be easily targeted using a variety of phishing techniques.

**3\. Software Vulnerabilities in Password Managers**

Just like all other forms of software, password managers are prone to vulnerabilities. Recently, researchers reported a vulnerability in KeePass that could allow attackers to export all usernames and passwords in clear text. Earlier this year, Google discovered that popular password managers such as Dashlane, Bitwarden, and Apple's Safari browser password manager can all be manipulated into auto-filling passwords on untrusted pages.

**4\. Credential-Stuffing Attacks Using Leaked Credentials**

Credential-stuffing attacks are becoming increasingly common. This is a type of attack where threat actors leverage previously leaked credentials (nearly 25 billion of these are for sale on underground marketplaces) to gain unauthorized access into websites, applications, and networks. Most password managers have a "master password" to access all credentials, and since 65% of users reuse their passwords across different websites, it's possible that attackers use brute-force techniques or make educated guesses on the possible password combinations. Late last year, LastPass confirmed a credential-stuffing attack against some of its users.

**Do Password Managers Make Sense in 2023?**

The benefits of having a password manager far outweigh the risks. Password managers help mitigate two of the biggest risks for users and businesses — weak credentials and password reuse. Yes, attacks on password managers are on the rise, but the probability of a business being attacked due to poor credentials or password reuse is much higher than the likelihood of a password manager getting hacked.

There are a number of things organizations can do to mitigate the risks of password managers:

*   **Security-train employees:** Most password-stealing malware gets installed when users get phished or social engineered — users download, click, or open something they shouldn't have. This is why it is extremely important for organizations to instill secure behavior in employees (alertness, strong passwords, safe browsing, responsible use of social media, not trusting anything at face value, etc.) so they don't fall victim to a phishing attack.
*   **Patch regularly:** Make sure you patch all your software and systems regularly. Unpatched software is the second-biggest reason password-stealing Trojans get installed on computers. Ensure you check and install all critical patches, especially the ones that are featured on CISA's Known Exploited Vulnerability Catalog.
*   **Use phishing-resistant multifactor authentication:** Use phishing-resistant MFA or passwordless options wherever you can. Not just to protect the master password on your password manager, but also on all of your critical websites, applications, and services.
*   **Check password-dump websites for leaked credentials:** Check online leaked-password websites (such as haveibeenpwned.com) or take breach password tests to ascertain if any of your credentials are floating around in online databases.
*   **Use a good password manager:** Use password managers that deploy strong encryption; that follow secure development life cycle (SDLC) programming; are responsive, transparent, and responsible to their customers; and that promote security features such as MFA, passwordless options, contextual features (user gets locked out if it's an unknown device or location), and phishing-detection capabilities.

Are password managers foolproof? Nope. But nothing is these days. The operating systems we use, the devices and applications we use — everything is hackable. Password managers come with some great benefits — they can tell you if your password is strong or not, they prevent you from reusing your password, some can stop you from entering credentials into bogus URLs, and some will even alert you when a website gets compromised.

As long as organizations follow the above tips and best practices, password managers can prove to be a vital tool in the defense arsenal of any organization.

How Password Managers Can Get Hacked

Your iPhone, iPad, and Mac now have a built-in password feature, complete with two-factor authentication.

Most people don't use a password manager or two-factor authentication—even people who know it's a good idea—because installing and managing _yet another app_ just sounds exhausting. Well, if you're an Apple user, you don't need another app anymore: Your device can manage your passwords and generate two-factor authentication codes for you, and you can even sync them with a Windows computer.

Password managers are important. Why? To quickly summarize, using the same password for every website and app is an open invitation for hackers to access all of your accounts. That's because passwords regularly leak, and a leaked password on one site can give hackers access to all your other accounts if you use the same password everywhere. It's best, then, to use a totally different password on every site, but no human being can remember that many passwords.

Password managers are the best solution we have at the moment, because they can generate, and then store, secure passwords for all of your services. Most people don't use one, though, because such apps can be complicated to learn, and the best ones aren't free.

So it's great that Apple offers such functionality. But there's a downside: It's a little buried, if not outright hidden. Still, if you're a Safari user with multiple Apple devices, this feature means you can quickly generate and save secure passwords for all of your accounts. Here's how. Note that you'll need a (free) iCloud account for this service to sync passwords between devices, though if you're an Apple user you almost certainly already have one.

Create Passwords

To get started, you may need to enable the feature, which you can find in System Settings on your device under **Passwords**. Make sure **iCloud Keychain** is turned on. Windows users should also install iCloud for Windows, which can sync your passwords with Chrome or Microsoft Edge.

The simplest way to add passwords to Apple's hidden password manager is to just start using your devices and saving passwords as you go. When you sign into any online account in Safari, or in any app on your iPhone or iPad, there's generally a pop-up asking if you want to save the password in your **iCloud Keychain for AutoFill.** This is the simplest way to add accounts: Just hit the **Save Password** button and your username and password will be saved.

Alternatively, if you're signing up for a new account, you will generally be offered an automatically generated strong password—if not, you can tap the key icon at the top of the keyboard on mobile or in the right side of the password field on desktop. Either way you should see the **Add New Password** option, which can automatically create a strong password for you.

From now on, when you log in to the site, your device will offer to fill out the username and password for you. It will generally use TouchID, FaceID, or your system password to confirm you identity, after which the username and password field will be filled in. This saves you from having to remember the passwords, and even the usernames, you use to log in to websites.

Browse and Edit Your Passwords

You might be wondering _where_, exactly, all of these passwords are saved. Let's head back to **Passwords** in System Settings. Here you will find a list of all the passwords you've saved.

Apple via Justin Pot

At the top of the list is a **Security Recommendations** function, which will cross-reference your saved passwords with known lists of leaked accounts. This is a useful way to know if any of your passwords absolutely need to be changed.

Below that is a search bar, which you can use to quickly find any account. Open an account to see the username, password, and URLs associated with the account. You can also add a note to any account, if you want.

Two-Factor Authentication

We've talked about how two-factor authentication keeps you more secure, but basically it means that a hacker who gets your password won't be able to log in unless they _also_ have physical access to your device. Generally two-factor authentication requires installing _yet another_ app, for generating codes, but Apple devices have this feature built in, and they can even fill in the field for you.

Head back to your list of passwords in the System Settings app. Open any account and you'll see a **Set Up Verification Code** field.

Apple via Justin Pot

Tap this and you can set up two-factor authentication for the application. How to do this depends on the specific service you're setting it up for, but it's generally in the settings of the specific app or website. You'll have a QR code to sign or, alternatively, a long code to copy.

Apple via Justin Pot

After setting this up, your Apple device will automatically offer verification codes for you every time you log in to the service on any of your devices. It's really slick, and it's a lot faster than applications like Authy or Google Authenticator.

Importing and Exporting Passwords

Note that if you have an existing password manager, you can import your passwords to Apple's system. Head back to **Passwords** in the settings app and hit the three-dot button on the right above your list of passwords. Here you will see the option to **Import passwords**.

Apple via Justin Pot

You will need to export your passwords to a CSV file before you can use this functionality. Here are instructions for the leading password managers:

*   1Password
*   LastPass
*   Bitwarden
*   Dashlane
*   Google Chrome

You can also **Export** your Apple passwords to a CSV file from here, allowing you to import them into one of these password managers. We've outlined  the best password managers for you; my personal recommendations are Bitwarden, which is free and open source, and 1Password, which is powerful and free to use.

There's not a lot of reason for the Apple faithful to do this, though. As we've outlined, Apple's password system does most of what these applications can do. The main problem is that they're hidden. 

Recently the blogger Cabel Sasser argued that Apple Passwords needs an app, which is part of why I wrote this guide. I'm not sure if I agree with his premise—I suspect most people would simply ignore any “Passwords” app, the way they ignore most applications that come bundled with their devices. Still, it is true that all of this functionality is pretty buried. I hope this article helps you find it.

How to Use Apple’s New All-In-One Password Manager

Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses.
"The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages

Mobile Security / Malware

Malicious loader programs capable of trojanizing Android applications are being traded on the criminal underground for up to $20,000 as a way to evade Google Play Store defenses.

"The most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners, and even dating apps," Kaspersky said in a new report based on messages posted on online forums between 2019 and 2023.

Dropper apps are the primary means for threat actors looking to sneak malware via the Google Play Store. Such apps often masquerade as seemingly innocuous apps, with malicious updates introduced upon clearing the review process and the applications have amassed a significant user base.

This is achieved by using a loader program that's responsible for injecting malware into a clean app, which is then made available for download from the app marketplace. Users who install the tampered app are prompted to grant it intrusive permissions to facilitate malicious activities.

The apps, in some instances, also incorporate anti-analysis features to detect if they are being debugged or installed in a sandboxed environment, and if so, halt their operations on the compromised devices.

As another option, threat actors can purchase a Google Play developer account – either hacked or newly created by the sellers – for anywhere between $60 and $200, depending on the number of already published apps and download counts.

App developer accounts lacking in strong password or two-factor authentication (2FA) protections can be trivially cracked and put up for sale, thereby allowing other actors to upload malware to existing apps.

A third alternative is the use of APK binding services, which are responsible for hiding a malicious APK file in a legitimate application, for distributing the malware through phishing texts and dubious websites advertising cracked games and software.

Binding services, as opposed to loaders, cost less owing to the fact that the poisoned apps are not available via the Google Play Store. Notably, the technique has been used to deliver Android banking trojans like SOVA and Xenomorph in the past.

UPCOMING WEBINAR

Learn to Secure the Identity Perimeter - Proven Strategies

Improve your business security with our upcoming expert-led cybersecurity webinar: Explore Identity Perimeter strategies!

Don't Miss Out – Save Your Seat!

Some other illicit services offered for sale on cybercrime markets include malware obfuscation ($30), web injects ($25-$80), and virtual private servers ($300), the latter of which can be used to control infected devices or to redirect user traffic.

Furthermore, attackers can buy installs for their Android apps (legitimate or otherwise) through Google Ads for $0.5 on average. Installation costs vary based on the targeted country.

To mitigate risks posed by Android malware, users are recommended to refrain from installing apps from unknown sources, scrutinize app permissions, and keep their devices up-to-date.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Cybercriminals Turn to Android Loaders on Dark Web to Evade Google Play Security

An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters.

**Key Features**

*   Audio Engine
    *   plays mp3, mp4/m4a/alac/aac, ogg, opus, wma, flac, wav, ape, wv, tta, mpc, aiff, dsd (dff/dsf), mka, mpga, tak, flv (audio), and other formats
    *   optimized graphical equalizer: 5-32 bands, presets, custom and audio device assignable presets
    *   parametric equalizer: each band added and configured manually
        *   Low Pass/High Pass, Low Shelf/High Shelf, Band Pass, Peaking Band filters
    *   powerful Bass and Treble adjustment
    *   stereo expansion, mono mixing, balance
    *   tempo control, reverb effect
    *   Float32 internal sample format, Float64 DSP processing, up to 384 kHz sampling rate, selectable SWR/SoX resampler, multiple dither options, various per-output settings
    *   Hi-Res Output (where supported by the device)
    *   unique Direct Volume Control (DVC) for the extended dynamic range and deep bass
    *   crossfade
    *   gapless
    *   replay gain
    *   30/50/100+ volume levels (Android 5-11), SoundAssistant 150 levels support
    *   audio info with the detailed audio processing information
    *   AutoEQ .txt preset importing
*   User Interface
    *   visual themes, 3rd party skin support with the skin options as defined by skin Author
    *   spectrum and .milk compatible visualizations
    *   album art downloading, including high resolution album art formats; artist images downloading and per-category user-selectable images
    *   highly configurable widget types
    *   lock screen options
    *   sleep timer
*   Library and Folders
    *   plays songs from from own categorized Library or Folders (flat or hierarchy)
    *   optional dynamic Queue category
    *   advanced Shuffle and Repeat modes
        *   Shuffle Songs, Categories
        *   Shuffle Randomization options (Less random..Full Random)
    *   embed and standalone .CUE files support
    *   support for m3u, m3u8, pls, wpl playlists, m3u8 playlist exporting
    *   multiple Artists, Album Artists, Composers per track support
        *   with configurable split characters
    *   tag editor
*   Android Auto support
*   Google Assistant support
*   casting to Chromecast-enabled devices
*   http streaming via imported m3u8 or user created playlists
*   headset support, automatic Resume on headset and/or BT connection options
*   lyrics support, embedded lyrics and multiple 3rd party lyrics search apps supported
*   high level of customization via settings
*   open Poweramp API
*   works on any Android starting from 5+
*   settings/data export and import
*   constantly updated with the new features and support for the new Android versions
*   localized to 30 languages

**Download 15 days Trial:**

*   Google Play
*   This site (.apk)

**Try new beta releases:**

*   Poweramp new releases

CVE-2023-27645: Poweramp – Music Player for Android

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers.
The sophisticated typosquatting campaign, which was detailed by JFrog late last month, impersonated legitimate packages to execute PowerShell code designed to retrieve a follow-on binary

Software Security / Cryptocurrency

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers.

The sophisticated typosquatting campaign, which was detailed by JFrog late last month, impersonated legitimate packages to execute PowerShell code designed to retrieve a follow-on binary from a hard-coded server.

The two-stage attack culminates in the deployment of a .NET-based persistent backdoor, called Impala Stealer, which is capable of gaining unauthorized access to users' cryptocurrency accounts.

"The payload used a very rare obfuscation technique, called '.NET AoT compilation,' which is a lot more stealthy than using 'off the shelf' obfuscators while still making the binary hard to reverse engineer," JFrog told The Hacker News in a statement.

.NET AoT compilation is an optimization technique that allows apps to be ahead-of-time compiled to native code. Native AOT apps also have faster startup time and smaller memory footprints, and can run on a machine without .NET runtime installed.

The second-stage payload comes with an auto-update mechanism that enables it to retrieve new versions of the executable from a remote location. It further achieves persistence by injecting JavaScript code into Discord or Microsoft Visual Studio Code apps, thereby activating the launch of the stealer binary.

The binary then proceeds to search for the installation of the Exodus Wallet desktop application and inserts JavaScript code into various HTML files in order to harvest and exfiltrate sensitive data to a hard-coded Discord webhook.

The JavaScript snippet, for its part, is fetched from an online paste website from where it's already been deleted. That said, it's suspected that the code may have been used to steal user credentials and access other information of interest.

"The bad actors used typosquatting techniques to deploy a custom malicious payload \[...\] which targets the Exodus crypto wallet and leaks the victim's credentials to cryptocurrency exchanges, by using code injection," Shachar Menashe, senior director at JFrog Security Research, said.

UPCOMING WEBINAR

Learn to Secure the Identity Perimeter - Proven Strategies

Improve your business security with our upcoming expert-led cybersecurity webinar: Explore Identity Perimeter strategies!

Don't Miss Out – Save Your Seat!

"Our investigation proves no open source software repository is completely trust-worthy, so safety measures should be taken at every step of the software development lifecycle to ensure the software supply chain remains secure."

The findings come as Phylum unearthed a malicious npm package named mathjs-min that was uploaded to the repository on March 26, 2023, and found to harbor a credential stealer that grabs Discord passwords from the official app as well as web browsers like Google Chrome, Brave, and Opera.

"This package is actually a modified version of the widely used Javascript math library mathjs, and was injected with malicious code after being forked," the software supply chain security firm said. "The modified version was then published to NPM with the intention of passing it off as a minified version of the genuine mathjs library."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

 Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages

National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.

_stop_2023/04/10

国土数値情報・位置参照情報データ公開のお知らせ

令和４年度に作成・更新した下記のデータについて令和５年５月～６月にかけて公開いたします。  
（公開予定データ・順不同）  
土地利用３次メッシュ、土地利用細分メッシュ、都市地域土地利用細分メッシュ、土地利用詳細メッシュ（土地利用メッシュデータ公開範囲：北陸、関東、中部）  
行政区域、国・都道府県機関、市町村役場等及び公的集会施設、  
洪水浸水想定区域、土砂災害警戒区域、津波浸水想定、高潮浸水想定区域、雨水出水浸水想定区域、  
高速道路時系列、バス停留所、バスルート、鉄道、鉄道時系列、駅別乗降客数  
位置参照情報

_stop_2023/03/31

国土数値情報データ変換ツールの提供停止について

国土数値情報ダウンロードサイトにて提供してきた『国土数値情報データ変換ツール』に、  
XML外部エンティティ参照の不適切な制限の脆弱性(CWE-611)が判明したため提供を停止しました。  
過去に、当該ツールをダウンロードしているご利用者におかれましては、当該ツールの利用停止・削除を実施いただくようお願い申し上げます。  
詳しくはこちらをご覧ください。

_stop_2023/03/24

システムのメンテナンスに伴うホームページの運営について

2023年3月28日（火）14:00～16:30にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的に出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2022/11/28

システムのメンテナンスに伴うホームページの運営について

2022年12月1日（木）14:00～17:00、及び2022年12月2日（金）14:00～15:00にシステムのメンテナンスを行います。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的に出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2022/9/14

ビジネスアイデアコンテスト『イチBizアワード』開催

内閣官房主催「地理空間情報」を活用したビジネスアイデアコンテスト『イチBizアワード』の公募が、2022年7月19日より開始しており、2022年9月30日（金）18:00まで受付中とのことです。本コンテストについて内閣官房よりメッセージが届いておりますので紹介いたします。  
なお、応募方法や詳細については、公式サイトをご覧ください。  
https://www.g-idea.go.jp/

（内閣官房のメッセージ）  
内閣官房では地理空間情報のポテンシャルを最大限活かした新しいサービスビジネスが生まれ、発展することで、よりよい社会や生活を実現し未来を切り開きたい、という思いで『イチBizアワード』を企画いたしました。  
『イチBizアワード』では、「いつ、どこで、何が、どのような状態か」といった、位置や時間に関する情報を活用したものであれば、どんなアイデアでも自由にご応募いただけます。  
既にあるビジネスアイデアやこんなサービスがあったらいいなという、ちょっとしたアイデアまで、沢山のアイデアの応募をお待ちしています。  
応募いただいたアイデアは、専門知識や発信力をもつ審査員に審査いただき、「事業化部門」「マッチング部門」「ちょっとしたサービスアイデア部門」の３つの部門で表彰します。  
加えて協賛企業とのマッチングの機会もあり、実現に向けて後押しします。 奮ってのご応募をお待ちしております。

_stop_2022/8/9

システムのメンテナンスに伴うホームページの運営について

2022年8月17日（水）14:00～17:00にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的にできなくなることがあります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いいたします。

_stop_2022/07/05

システムのメンテナンスに伴うホームページの運営について

2022年7月7日（木）13:00～15:30、及び2022年7月8日（金）15:30～16:30にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的にできなくなることがあります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いいたします。

_stop_2022/06/06

システムのメンテナンスに伴うホームページの運営について

2022年6月9日（木）16:00～17:30にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的にできなくなることがあります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いいたします。

_stop_2022/03/28

システムのメンテナンスに伴うホームページの運営について

2022年3月30日（水）17:00～18:00にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2022/03/24

利用者アンケートを開設しました

当サイトへの感想やご意見を募集するアンケートを開設しました。画面左メニューの「利用者アンケート」からご回答いただけます。  
ご回答いただました内容は今後のサイト運営に役立てて参りますので、是非ご協力の程よろしくお願いいたします。

_stop_2022/03/23

システムのメンテナンスに伴うホームページの運営について

2022年3月25日（金）18:00～18:10にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的に出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2022/02/22

位置参照情報ページについて

本日14:00頃、位置参照情報ページが復旧いたしました。  
利用者の皆さまには大変ご迷惑をおかけしました。今後ともよろしくお願いします。

_stop_2022/02/19

システムのメンテナンスに伴うホームページの運営について

GISホームページは、現在、メンテナンス中でホームページに断続的にアクセスができなくなることがあります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2022/02/18

システムのメンテナンスに伴うホームページの運営について

2022年2月24日（木）15:00～15:10にシステムのメンテナンスを行います。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的に出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2022/02/14

システムのメンテナンスに伴うホームページの運営について

2022年2月18日（金）18:30～19:30にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的に出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2021/11/10

システムのメンテナンスに伴うホームページの運営について

2021年11月13日（土）9:00～10:00にシステムのメンテナンスを行います（進捗状況により延長する可能性があります。）。  
そのため、メンテナンス中は、GISホームページへのアクセスが断続的に出来なくなります。  
利用者の皆さまには大変ご迷惑をおかけしますがよろしくお願いします。

_stop_2021/01/12

システムのメンテナンスに伴うホームページの運営について

2021年1月15日（金）にシステムのメンテナンスを行います。  
それに伴い、よりセキュリティが強固な設定となり、セキュリティが弱い暗号化を使用しているブラウザからは接続できなくなります。  
閲覧できない場合は、現在ご利用のMicrosoft Edge、Mozilla Firefox、Google Chromeが最新のバージョンかご確認いただき、最新のバージョンへアップデートをお願いいたします。

_stop_2020/12/12

三大都市圏計画区域データ PDF･KMLダウンロードページ開設のお知らせ

こちらに 国土数値情報 三大都市圏計画区域 データから作成した、PDF･KMLファイルのダウンロードページを開設しました。

_stop_2020/07/07

ウェブマッピング調整中のお知らせ　（対応完了しました）

ウェブマッピングシステムは、現在データセットを準備中です。準備ができ次第、順次公開いたします。  
国土数値情報データの内容を確認するには、GISをご利用になるか、geojson形式のファイルをご利用ください。

_stop_2020/07/01

GISホームページ業務移管のお知らせ

令和２年度の国土交通省の組織改編に伴い7月1日よりGISホームページは以下の局に移管となります。  
国土数値情報・位置参照情報　不動産・建設経済局  
国土調査（土地分類調査・水調査）　国土政策局

_stop_2020/06/30

国土数値情報閲覧マニュアル公開のお知らせ

国土数値情報閲覧マニュアル（QGIS）、Geojsonデータ閲覧マニュアルの公開を開始いたしました。  
こちらからダウンロードの上、ご活用ください。  
（現在、ウェブマッピングシステムは調整中になっております。国土数値情報データの内容確認にはこちらのマニュアルをご活用ください。）

_stop_2020/05/18

【重要】GISホームページのリニューアルのお知らせ

2020/05/18よりGISホームページをリニューアルしました。  
なお、一部のデータについては、今後今月末を目処に順次登録して参りますので、データが登録されるまで今しばらくお待ち願います。

（2020/05/22追記）  
GISホームページで対応するブラウザは以下のとおりです。  
対応ブラウザ以外をご利用された場合、画面が正しく表示されない場合がございます。  
Microsoft Edge （最新版）、Mozilla Firefox （最新版）、Google Chrome （最新版）  
ご不明な点などがございましたら、以下の問い合わせ窓口までご連絡願います。  
国土数値情報問合せ受付け窓口　：shitsumon@ksjask.info

CVE-2023-25955: お知らせ

Categories: News
Tags: TikTok

Tags:  Super FabriXss

Tags:  Twitter

Tags:  macOS malware

Tags:  ransomware

Tags:  2023 State of Malware

Tags:  Western Digital

Tags:  Android

Tags:  endpoint security

Tags:  ChatGPT

Tags:  K-12

Tags:  IoT

Tags:  Facebook

Tags:  targeted advertising

Tags:  Google

Tags:  data theft

Tags:  e-file

Tags:  tax

Tags:  Uber breach

The most interesting security related news from the week of April 3 - 9.



(Read more...)




The post A week in security (April 3 - 9) appeared first on Malwarebytes Labs.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

VPN Connection

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

FOR PARTNERS

Managed Service Provider (MSP) Program

Resellers

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (April 3 - 9)

Microsoft and others are doubling down on incident response, adding services and integrating programs to make security analysts and incident response engagements more efficient.

Incident response is shifting from a service that organizations hope they never need to a capability that every business aims to have, and a variety of companies — from consulting firms to insurance companies to cloud providers — are preparing to take advantage of the trend.

In late March, Microsoft announced that the company would focus its generative AI offering, Copilot, on helping companies triage and respond to incidents, with an aim toward bolstering organizations' incident-response capabilities. The company also announced that it would start offering incident response services and consulting on cybersecurity posture as a retainer to companies upon request.

The announcement marks a significant change at Microsoft. In 2019, Microsoft labeled its incident response team — known then as the Detection and Response Team (DART) — as the "cybersecurity team we hope you never meet." Now the team hopes to meet clients on a regular basis.

The moves are about offering the right services to improve incident response capabilities across the board, says Ping Look, director of the Microsoft Incident Response Team.

"We intend to build our customer base and give our customers more flexibility," she says. "Really, I think it's a growth inflection point."

**Building IR Relationships**

Microsoft is not alone. Incident response services have taken off, and the companies that offer them are looking to build relationships rather than one-off engagements. Google bought incident response bellwether Mandiant in 2022, adding to its other incident response-focused acquisitions of Siemplify and Chronicle and its security advisory services. Consulting firms Deloitte, Booz Allen, Kroll, and PricewaterhouseCoopers have long offered incident response, while managed service firms such as CrowdStrike and Secureworks have focused expertise. Large business-technology and service firms — such as IBM, AT&T, Verizon, and Palo Alto Networks — have also long been players in the incident response space.

Even with the extensive list of players, however, the demand for services continues to skyrocket, says Jurgen Kutscher, executive vice president for services at Mandiant.

"The demand always seems to outpace the supply, so I do believe there's plenty of work for all of these organizations because the threats keep changing," he says. "The organizations that are being targeted, especially when you look at much more opportunistic attacks, like ransomware and similar types of attacks — anybody could be a target."

**Incidents Extend into the Cloud**

Microsoft and Google are well-positioned because more attacks are impacting assets in the cloud — in an area where both companies have significant expertise — in part because business infrastructure and data have sprawled out into the cloud, or usually multiple clouds.

A few years ago, for example, a quarter of the attacks investigated by Palo Alto Networks, a network security and incident response provider, involved cloud assets; now, approximately half are cloud-related, says Sam Rubin, vice president of Palo Alto Networks' Unit 42 threat intelligence and incident response group. The company collects more than 500 billion security events per day from endpoint agents, network appliances, and cloud telemetry, he says.

Rubin does not expect that trend to slow, which can make incident response a challenge.

"It's very hard for organizations to only live and operate in one cloud environment, and even if most of your workloads are in the cloud, there are still systems at headquarters, there's still users with endpoints," he says. "We believe that having somebody who can cut across the entire environment, the headquarters, the remote users, and the cloud — whatever the case may be — that is going to remain an important strategy for securing the enterprise."

While Microsoft and other companies aim to use generative AI to process incidents faster and present incident responders with analyses in near real time, the efforts are largely aspirational at this point. Handling that data with large language models (LLMs) and other forms of advanced machine learning will require a great deal of development and learning, says Pete Shoard, vice president at business intelligence firm Gartner.

"Automated response for complex security incidents is absolutely a long, long way out," he says. "Where AI will help greatly is in that area of task-based automation, finding the right kind of information quickly, and providing a lot more information for the humans to be able to do their job more efficiently and effectively."

**Insurance and Legal Remain Driving Forces**

Corporate legal requirements and cyber-insurance policies have an outsized impact on incident response. Often, the first call for an engagement comes not from a company executive, but from an outside counsel hired to handle the crisis (often because attorney-client privilege shields a company from legal discovery). In other cases, an insurance company would bring in incident responders to help reduce the cost of recovering from a breach and to assess the security of a policyholder.

Legal counsel and insurance firms will likely continue to push for incident response retainers as a way to make sure that companies are doing a base level of training and preparation every year. That can create a net benefit, says Jess Burn, a security analyst with Forrester Research.

"Insurance firms are asking if you're doing incident readiness and incident preparedness exercises as part of your application or policy," she says. "Those same incident response firms can do assessments and tabletop exercises at the technical and executive level — and all of those things can help them, and you, really understand your environment."

Overall, companies that have incident response team and a tested incident-response plan save an average of 58% of the costs of mitigating a data breach, or about $2.6 million for large companies, compared with companies that have neither a team nor a well-tested plan, according to IBM's "2022 Cost of a Data Breach" report.

In the end, everyone can save when the incident response firm and the clients have an ongoing relationship, says Mandiant's Kutscher.

"Having organizations consulting with business partners and with cyber-insurance companies so that they don't just put out the fire, but then working with the organization to reduce the risk of having a similar event happen again, is very, very critical," he says. "That's something that the cyber-insurance industry is definitely driving toward."

**The Future Is Pre-Crime (Pre-Incident, That Is)**

Another benefit from the ongoing relationship with an incident response vendor is that companies will know what they need to have in place for effective incident response. With ongoing advice and expertise from incident response firms, when an attack happens, the incident response firm will know the company has retained the right data, which helps immeasurably in the investigation.

"When they do need us for incident response, we are not coming in cold and coming up to speed in a live-fire situation," Palo Alto's Rubin says.

Even companies with their own security operations center, which would not have qualified for Microsoft's DART services, will now be able to put the incident response group on a retainer, says Microsoft's Look.

"We want to be able to take care of our customers, even if they're not using our Microsoft security staff," she says. "Because that's where we primarily deliver our investigations from, using telemetry that comes in through that. But we're expanding well beyond that too — not as fast as I would like, but we're getting there."

Renewed Focus on Incident Response Brings New Competitors and Partnerships

The marketplace for malicious Google Play applications and app-takeover tools is thriving, thanks to novel hacking techniques and lax enterprise security.

Cybercriminals are finding ways around the official Google Play app store's security, developing tools for trojanizing existing Android applications and selling their malicious wares for up to $20,000 a piece on cybercrime markets.

In an April 10 blog post, researchers from Kaspersky published the results of a broad study of nine of the most popular Dark Web forums. Tracking activity from 2019 and 2023, they found a thriving marketplace of buyers and sellers trading access to app developer accounts, botnets, and malicious Android applications, sometimes for thousands of dollars at a time.

In some cases, particularly useful wares — like source code that can burrow you into an existing cryptocurrency or dating app on Google Play — are going for multiple thousands of dollars.

"It's an infinite cat and mouse game," Kaspersky researcher Georgy Kucherin says of Google's app security. "The attackers find a way to bypass security scanners. Then the people developing the security scanners deploy patches to ensure that doesn't happen again. Then the attackers find new flaws. And it goes on and on."

A Google spokesperson tells Dark Reading, “Google Play has policies in place to keep users safe that all apps must adhere to. All Android apps undergo security testing before appearing in Google Play. We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. Users are also protected by Google Play Protect, which can warn users or block identified malicious apps on Android devices.”

**The Marketplace for Google Play Hacks**

Any software uploaded to Apple's or Google's app stores is subject to rigorous vetting.

"But just like any security solution that exists in the world, it's not 100% effective,” according to the Kaspersky researchers. "Every scanner contains flaws that threat actors exploit to upload malware to Google Play."

Generally speaking, there are two common ways to sneak malware onto an app store.

Method number one involves uploading a perfectly harmless app to the marketplace. Then, after it's approved — or, even better, after it's accrued a substantial-enough audience — hackers push an update containing malicious code.

Alternatively, hackers might compromise legitimate app developers, latching onto their accounts to upload malware to existing apps. App developer accounts can be cracked more easily without strong password policies and two-factor authentication in place. In some cases, credential leaks can do most of the job for the hackers, providing the logins necessary for breaching accounts and sensitive corporate development systems.

Depending on the developer, access to a "GP" (Google Play) account might only cost as little as $60, as seen in the example Dark Web listing below. But other, more useful accounts, tools, and services come with much higher price tags.

For instance, because of the power they afford, loaders — the software necessary to deploy malicious code into an Android app — can go for big money on the cybercrime underground. This listing offered loaders for rent or development for up to $5,000 each.

Source: Kaspersky’s Securelist blog

Well-resourced criminals might shell out for a premium package, like the source code for a loader.

"You can do whatever you want with that — deploy it to as many apps as you want," Kucherin explains. "You can modify the code as much as you want, adapting it to your needs. And the original developer of the code may even provide support, like updates for the code, and maybe new ways to bypass security measures."

This full-service Google Play hacking suite can run you up to $20,000.

**How Businesses Can Protect Against Google Play Threats**

The threats in Google Play are of particular concern to organizations with weak enterprise security. Kucherin points out that many businesses still have lax bring-your-own-device arrangements in place, which extend the security perimeter beyond corporate networks and into the hands of employees, literally.

"Say an employee installs a malicious app on the phone," Kucherin posits. "If this app turns out to be a stealer, cybercriminals can get access to, for example, corporate emails or sensitive corporate data, then they can upload it to their servers and sell it on the Dark Web. Or even worse: An employee might keep their passwords in, for example, their phone's notes app. Then hackers can steal those notes and get access to corporate infrastructure."

There are two simple ways to prevent such an outcome, he adds.

For one "you can teach the employees cyber-hygiene principles, like to not download apps that are not trusted," Kucherin says.

That may not be enough, though, so "another thing you can do — though it's more expensive — is give your employees a separate phone, which they will use only for purposes of work. Those devices will contain a limited number of apps — just the essentials like email, phone, no other apps allowed."

Just as it is for the cybercriminals, you have to pay more to get more, he notes: "Using dedicated work devices is more effective, but more expensive."

Apps for Sale: Cybercriminals Sell Android Hacks for Up to $20K a Pop

Unpatched Macs, iPhones, and iPads open to browser takeover and system kernel-level malicious code execution, Apple warns.

On April 7, Apple released two security updates warning about two zero-day vulnerabilities under active exploit in the wild. By April 10, those were added to the Cybersecurity and Infrastructure Security Agency (CISA) known exploited vulnerabilities (KEV) list.

The impact of the two vulnerabilities is widespread, affecting macOS Ventura 13.3.1 for Apple Macs, in addition to the iOS 16.4.1 and iPadOS 16.4.1 operating systems used to run iPhones and iPads, according to Apple.

The first bug, CVE-2023-28205, is a flaw in Apple iOS, iPad OS, macOS, and Safari WebKit that could lead to code injection while processing malicious Web content, CISA explained. The second, CVE-2023-28206, affects Apple iOS, iPadOS, and macOS IOSurfaceAccelerator that, worryingly, could allow a malicious app to execute code with kernel privileges, CISA said.

Apple has issued updates for iOS 16 and iPad OS 16. Other macOS versions including Big Sur Monterey, and Ventura have patches that need to be installed, and as Sophos pointed out in a separate advisory, it's still unclear whether the bugs will impact iOS 15 users with older devices.

Both issues were reported by Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International's Security Lab, giving cybersecurity experts reason to believe the flaws are being exploited by state actors to deploy spyware.

"It is interesting that Amnesty International's Security Lab was one of the organizations involved in finding reporting the issue," Mike Parkin, senior technical engineer with Vulcan Cyber explained in a statement provided to Dark Reading. "While Apple hasn't said much about the exploits, it seems likely, given the reporting and earlier history, that the exploits were deployed by state-level threat actors."

Tag

#google