Aggregator
Why Your SOC is Blind to Your Biggest Attack Surface (And How to Fix It)
In many organizations, there is a dangerous unspoken rule: The SOC handles endpoints and networks; Engineering handles APIs.
This silo creates a massive blind spot. We recently spoke with the Senior Manager of Security Engineering at a major insurance provider, who described this exact pain point. Before bringing in Salt Security, their API security was effectively an "engineering function."
The SecOps team had world-class visibility into their laptops and servers via CrowdStrike, but their API traffic, the very lifeblood of their digital business, was a black box. They relied on a traditional WAF, logs, and SIEM.
The problem? As the customer noted, "These weren't volumetric attacks or malformed requests... but behavioral attacks operating inside legitimate API usage patterns."
The Visibility Gap: You Can't Protect What You Can't See
Before you can secure your APIs, you have to know they exist. This customer faced a common challenge: they lacked a "living view" of their API fabric.
Like many enterprises, they relied on their API Gateway for inventory. But gateways only see what is routed through them. They are blind to "shadow" endpoints, legacy versions, and direct-to-origin connections that bypass the gateway entirely.
The customer noted that while they could perform manual investigations via the gateway, they "lacked a complete, continuously updated inventory" required to spot drift or anomalies. By integrating Salt, they automatically generated a granular, real-time inventory of every API endpoint, including the ones the gateway missed, giving the SOC the map they needed to defend the territory.
The Limits of WAF + SIEM
The customer’s experience highlights a critical industry reality: traditional stacks cannot catch modern API threats.
- WAFs look for bad signatures (SQLi, XSS).
- SIEMs aggregate logs.
- Business Logic Abuse (BOLA/IDOR) appears to be valid traffic to both.
The customer found that without a dedicated, AI-powered behavioral engine for API security, they couldn't distinguish between a user aggressively using the platform and an attacker slowly enumerating IDs to scrape sensitive data.
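To make the distinction concrete, here is an added example (not code from the original post, Salt Security or CrowdStrike) of the kind of per-identity behavioral features a SOC can compute from plain API access logs, which neither a signature WAF nor a log aggregator computes on its own. The log format, the `/api/v1/<resource>/<id>` route shape and both clients' traffic are constructed for the example. Note that by raw request count the legitimate power user is the noisier client; what separates the enumerator is the breadth of object IDs touched, the sequential walk through the ID space and the deny rate.

```python
"""Added example (not from the original post): a toy behavioral detector that
separates a heavy-but-legitimate API user from a low-and-slow object-ID
enumerator (BOLA/IDOR probing). All log lines below are constructed."""
import re
from collections import defaultdict

# Log line format assumed for this example: "<iso-time> <client> <method> <path> <status>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")
# Object-scoped route shape assumed for this example: /api/v1/<resource>/<numeric id>
OBJ_ROUTE_RE = re.compile(r"^/api/v1/(?P<resource>[a-z]+)/(?P<obj_id>\d+)$")


def build_sample_log() -> str:
    """Constructed sample traffic, not real data."""
    lines = []
    # tok_legit: a power user hammering the two accounts they own, once a minute, always 200.
    for i in range(30):
        lines.append(f"2026-02-20T10:{i:02d}:00Z tok_legit GET /api/v1/accounts/{1042 + i % 2} 200")
    # tok_enum: one request every five minutes, walking ids 2000..2011; most are denied,
    # a few happen to be readable. Each request on its own is well-formed and in-policy.
    for i in range(12):
        status = 200 if i in (3, 7, 9) else 403
        lines.append(f"2026-02-20T10:{i * 5:02d}:00Z tok_enum GET /api/v1/accounts/{2000 + i} {status}")
    return "\n".join(lines)


def parse_log(text: str) -> list[tuple[str, str, int, int]]:
    """Return (client, resource, obj_id, status) for every object-scoped request; skip the rest."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        r = OBJ_ROUTE_RE.match(m["path"])
        if not r:
            continue
        events.append((m["client"], r["resource"], int(r["obj_id"]), int(m["status"])))
    return events


def profile_clients(events) -> dict[tuple[str, str], dict]:
    """Per-client, per-resource behavioral features: breadth, deny rate, sequential walking."""
    agg = defaultdict(lambda: {"requests": 0, "ids": set(), "denied": 0})
    for client, resource, obj_id, status in events:
        p = agg[(client, resource)]
        p["requests"] += 1
        p["ids"].add(obj_id)
        if status in (401, 403, 404):
            p["denied"] += 1
    profiles = {}
    for key, p in agg.items():
        ids = sorted(p["ids"])
        # Fraction of neighbouring distinct ids that differ by exactly 1: a walk through the keyspace.
        seq = sum(1 for a, b in zip(ids, ids[1:]) if b - a == 1)
        seq_ratio = seq / (len(ids) - 1) if len(ids) > 1 else 0.0
        profiles[key] = {
            "requests": p["requests"],
            "distinct_ids": len(ids),
            "denied": p["denied"],
            "denied_ratio": p["denied"] / p["requests"],
            "sequential_ratio": seq_ratio,
        }
    return profiles


def flag_enumerators(profiles, min_distinct=8, min_sequential_ratio=0.6, min_denied_ratio=0.3) -> list[str]:
    """Breadth of object ids is the gate; a sequential walk or a high deny rate confirms the pattern."""
    flagged = []
    for (client, resource), f in profiles.items():
        if f["distinct_ids"] < min_distinct:
            continue
        if f["sequential_ratio"] >= min_sequential_ratio or f["denied_ratio"] >= min_denied_ratio:
            flagged.append(f"{client}:{resource}")
    return sorted(flagged)


def analyse(text: str):
    """Parse, profile and flag in one call; returns (profiles, flagged)."""
    profiles = profile_clients(parse_log(text))
    return profiles, flag_enumerators(profiles)


if __name__ == "__main__":
    profiles, flagged = analyse(build_sample_log())
    for key, f in profiles.items():
        print(key, f)
    print("flagged:", flagged)
```

The thresholds are illustrative starting points; in production they would be learned per resource from a baseline of normal breadth and deny rates, and the flag would be enriched with the identity context (which token, which application, which endpoint) before it lands in the analyst's console.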
Breaking the Silo with CrowdStrike + Salt
The turning point came when the customer stopped treating API security as a standalone problem.
By integrating Salt Security with CrowdStrike Falcon, they didn't just buy a new tool; they expanded their existing ecosystem.
- Context, Not Just Alerts: Salt identifies the intent behind API traffic (the "who" and "why").
- Unified Workflow: These insights are pushed into the CrowdStrike Falcon console.
- Actionable Response: Analysts can now detect API attacks in real time alongside endpoint signals, enabling faster, more confident remediation.
While this customer’s immediate goal was stopping human attackers, their architectural shift has prepared them for a much larger threat: Agentic AI.
The "logic abuse" patterns they detected (low-and-slow enumeration, unauthorized data scraping) are the exact behaviors AI agents will automate at scale using the Model Context Protocol (MCP). By deploying Salt’s behavioral engine today, they haven’t just solved a current gap; they’ve inoculated their environment against the coming surge of machine-to-machine traffic that traditional WAFs will be completely blind to.
The Result: Operationalized Security
The customer's feedback was clear: "We maximized our existing platform investment and simplified operations by avoiding yet another point tool."
This is the future of API security. It isn't about buying more dashboards for your team to ignore. It's about feeding high-fidelity behavioral intelligence into the platforms you already trust. It’s about taking API security out of the "Engineering" silo and putting it right where it belongs: in the SOC.
If you want to learn more about Salt and how we can help you, please contact us, schedule a demo, or visit our website. You can also get a free API Attack Surface Assessment from Salt Security's research team and learn what attackers already know.
The post Why Your SOC is Blind to Your Biggest Attack Surface (And How to Fix It) appeared first on Security Boulevard.
⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More
Using CardSpace as a Secure Password Manager
Explore how Windows CardSpace’s 'Identity Agent' architecture paved the way for modern Passkeys and secure password management in 2026.
The post Using CardSpace as a Secure Password Manager appeared first on Security Boulevard.
Enterprise SSO for WordPress Portals
Simplify access with Enterprise SSO for WordPress portals. Secure, seamless single sign-on integration for your enterprise users.
The post Enterprise SSO for WordPress Portals appeared first on Security Boulevard.
Japanese chip-testing toolmaker Advantest suffers ransomware attack
Japanese tech testing company Advantest has suffered a ransomware attack, the company confirmed last Thursday, after detecting unusual activity within its IT environment on February 15, 2026. What happened? Tokyo-based Advantest is a leading manufacturer of automatic test and measurement equipment used in the design and production of semiconductors that are used in computers, electronic devices (including mobile phones), autonomous vehicles, and systems used in high-performance computing (e.g., artificial intelligence systems). The company has facilities in …
The post Japanese chip-testing toolmaker Advantest suffers ransomware attack appeared first on Help Net Security.
PoC Exploit Released for Grandstream GXP1600 VoIP Phones RCE Vulnerability
A critical zero-day vulnerability, tracked as CVE-2026-2329, is affecting Grandstream’s GXP1600 series VoIP desk phones. The issue is an unauthenticated stack-based buffer overflow that can be exploited remotely to achieve root-level remote code execution (RCE) on a vulnerable device. Because the phones share a common firmware image across the series, all six models are impacted: GXP1610, […]
The post PoC Exploit Released for Grandstream GXP1600 VoIP Phones RCE Vulnerability appeared first on Cyber Security News.
Password managers keep your passwords safe, unless…
Researchers investigated the zero-knowledge claims of password managers—and found some possible attack scenarios.
The post Password managers keep your passwords safe, unless… appeared first on Security Boulevard.
Modern Workplaces Demand a New Meaning for “Site” in Network Security
The Problem with the Traditional Idea of a Site
For a long time, the concept of a “site” in networking and security was synonymous with a physical office. This included:
- a headquarters building
- a branch office
- a campus connected to the corporate network
This traditional model was built on several assumptions: employees primarily worked from...
The post Modern Workplaces Demand a New Meaning for “Site” in Network Security appeared first on Aryaka.
The post Modern Workplaces Demand a New Meaning for “Site” in Network Security appeared first on Security Boulevard.
jsPDF Vulnerability Exposes Millions of Developers to Object Injection Attacks
A newly disclosed security flaw in the popular jsPDF library has exposed millions of web developers to PDF Object Injection attacks, allowing remote attackers to embed arbitrary objects and actions into generated PDF documents. Tracked as CVE-2026-25755, the vulnerability affects the addJS method used to embed JavaScript code in PDF files. The issue arises from improper sanitization of user-supplied input in […]
The post jsPDF Vulnerability Exposes Millions of Developers to Object Injection Attacks appeared first on Cyber Security News.
HPE Telco Service Activator Vulnerability Let Attackers Bypass Access Restrictions
A security bulletin released on February 19, 2026, addresses a remote flaw in HPE Telco Service Activator that could let attackers bypass access restrictions. According to HPE, the issue stems from the Undertow HTTP server core used by the product. The flaw is an improper input validation condition in which the server fails to validate the Host header […]
The post HPE Telco Service Activator Vulnerability Let Attackers Bypass Access Restrictions appeared first on Cyber Security News.
Iran refuses to ship out its highly enriched uranium and insists on down-blending it domestically; the US-Iran nuclear standoff sows regional security risks
Russian Cyber Threat Actor Uses GenAI to Compromise Fortinet Firewalls
UAE says it foiled cyberattacks targeting critical sectors
Fake Huorong security site infects users with ValleyRAT
WhatsApp is adding another lock to your account
Meta has released WhatsApp Beta for Android 2.26.7.8 through the Google Play Beta Program. The update includes references to password-protected accounts, indicating plans to introduce an additional layer of protection beyond the app’s current authentication options.
WhatsApp is exploring the implementation of a feature that will introduce a password (Source: WABetaInfo)
The feature will allow users to create an alphanumeric password between six and 20 characters in settings, with at least one letter and one …
The post WhatsApp is adding another lock to your account appeared first on Help Net Security.