Aggregator
Revenue up 19.57% year over year! The Q3 2024 report in one graphic: SDIC Intelligence (国投智能) goes All in AI
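Bid won! 360 partners with China Mobile to build an endpoint security defense line
Recently, 360 Digital Security Group won the bid for China Mobile's 2024 to 2026 centralized procurement project for endpoint security software products. Under this award, the partnership will rely on the 360 Endpoint Security Management System to build a new, intelligent endpoint security protection system, raise the overall digital security protection capability inside China Mobile, and set a benchmark for building an operator's Xinchuang (IT application innovation) security system.
As a new round of technological revolution represented by artificial intelligence advances, China Mobile, the telecom operator with the world's largest network, the most users served and leading profitability, has in recent years actively followed the trend toward a digital, networked and intelligent economy and society. It has helped drive the convergence of 5G with emerging technologies such as AI, the Internet of Things, cloud computing, big data and edge computing, and has organized and led integrated development across the upstream, midstream and downstream of the industry chain and among large, medium and small enterprises. With more than 160 strategic partners and more than 300,000 industry-chain partners of all kinds, it has built an open, inclusive and mutually beneficial ecosystem of industry cooperation, helping the whole industry chain achieve collective breakthroughs, leapfrog development and greater resilience.
In this process, facing increasingly complex business and office system environments and the threat of nation-state cyber attack groups, China Mobile took the lead in building a Xinchuang security system to further improve its security protection and its capacity for independent control, and to respond effectively to increasingly frequent attacks.
Endpoints, as the bridge between the physical and digital worlds, have always been a favorite target of advanced threat groups during digitalization. Any of the large number of endpoints connected to the network can become an entry point and a stepping stone for external attacks, and endpoints are also a key link in the Xinchuang defense-in-depth system.
For this reason, China Mobile recently launched its 2024 to 2026 centralized procurement of endpoint security software products. After rigorous testing and comprehensive evaluation of multiple vendors, 360 won the bid on the strength of its security management, operations and maintenance, together with security capabilities including antivirus and patch management, desktop management, data loss prevention and network access control.
360 is the only company in China with both artificial intelligence and digital security capabilities. Drawing on 20 years of hands-on experience, it has built a digital security operations service system centered on "see + respond" and created a Chinese approach to digital security. As an important part of that system, the 360 Endpoint Security Management System that won this bid has three standout capabilities in "seeing and responding".
First, systematic security control. The 360 Endpoint Security Management System integrates advanced threat discovery, antivirus, vulnerability protection, hardening of end-of-support systems, endpoint compliance control, endpoint access control, endpoint auditing, data security and host hardening management in one product. It unifies endpoint security control and back-end management, producing an endpoint security operations system that is maintainable and easy to maintain.
Second, scenario-based, combat-tested capability. 360 has long fought on the front line against nation-state APT groups and black- and grey-market cybercrime organizations, and to date it has helped China discover a total of 54 overseas APT groups. Powered by that practical experience, the 360 Endpoint Security Management System covers scenarios including ransomware protection, cryptomining attack protection, APT attack protection, attack and defense exercises, major incident response, classified protection (MLPS) compliance and data security, improving endpoint threat defense across the board.
Third, intelligent security defense. To make advanced threat discovery more efficient, the 360 security large model has been fully integrated into the 360 Endpoint Security Management System. With the model's support, the system can perform intelligent risk assessment and use the model's expert library and skill library for vulnerability capture and advanced threat hunting, strengthening its "see and respond" capability.
Operators, as national critical information infrastructure, bear the important responsibility of safeguarding cyberspace security and keeping communications running. As a leader in the information and communications industry, China Mobile's strategic planning for Xinchuang security is therefore especially important.
This partnership with 360 rests on both parties' deep understanding of the current security situation and their shared view of the importance of Xinchuang security. Going forward, the two will deepen their cooperation in endpoint security and advance the construction of a combat-oriented security system, providing solid security for the industry's digital transformation.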
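Beware: the cybercrime group "Black Cat" (黑猫) is casting a wide net to steal cryptocurrency and mine, and a very large number of enterprises have been hit!
When you search online for "Google Chrome" (谷歌浏览器), the address in the figure below may rank first in the results of a certain search engine, but you might not guess that it is a fake official site carrying malware!
Clicking through to the fake site downloads an installer with a backdoor. Once the program is run, the backdoor begins a series of attacks, including probing for and stealing cryptocurrency wallets, stealing browser information and logging keystrokes. If you hold no cryptocurrency, or it cannot be stolen, the backdoor drops a cryptomining trojan component to squeeze out your last bit of value.
Research by ThreatBook's intelligence team (微步情报局) found that this wave of attacks began at the end of July. More than 20 spoofed websites have been identified, attacks with traceable data already number in the hundreds of thousands, and the targeted sectors are extremely broad: relevant state departments, universities and research institutions, the automotive industry, and central and state-owned enterprises all have large numbers of victim organizations. The domain assets used by the group contain many domains with the characteristic pattern "heimao-*(three digits).com", which is why the team named the group "Black Cat" (黑猫, heimao).
(1) Profile of the "Black Cat" group
"Black Cat" first became active in 2022. It delivers a variety of malicious samples through spoofed phishing websites, including the "Silver Fox" (银狐) remote access trojan, Gh0st trojan variants, infostealers and the XMRig mining trojan. Its victims are staff of institutions and enterprises with insufficient security awareness, whose hosts it controls remotely to steal their cryptocurrency and to mine. One of Black Cat's C2 addresses is identical to a C2 address built into a remote-control backdoor used by the APT group "Golden Eye Dog" (金眼狗) in the first half of this year, which suggests that Black Cat is likely connected to Golden Eye Dog in some way.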
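Field | Details
Attack characteristics | Skilled at using various methods to raise search engine rankings; sophisticated phishing site deployment, using intermediate download links to evade tracking and to swap the downloaded file in real time; primarily profit-driven, with cryptocurrency theft as the main goal; downloads a mining component to profit from mining when a host is found to have nothing worth stealing
Platform | Windows
Delivery method | Deploys fake software download pages and raises the phishing sites' search engine ranking to lure downloads
Targeted region | China
Targeted population | Office workers downloading Google Chrome, Sogou Input Method, WPS Office and similar software; cryptocurrency holders and industry practitioners
Attack objectives | Remote control, information theft, cryptocurrency theft, using compromised hosts for mining
Table: "Black Cat" attack profile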
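(2) Common attack techniques used by "Black Cat"
Black Cat's main technique is to deploy and promote fake software download pages in order to steal information, steal cryptocurrency and mine. The samples it delivers are complex and varied: modified Gh0st RATs, Silver Fox trojans, infostealers and XMRig mining trojans appear one after another and are updated quickly. The loaders it delivers include evasion techniques against the major antivirus products, anti-virtual-machine and anti-debugging checks, and anti-sandbox techniques, so the attack success rate is very high.
Figure: "Black Cat" attack path diagram
Black Cat spoofs the download sites of common software on a large scale and uses SEO (search engine optimization), SEM (paid search ranking) and other means to raise its ranking for search keywords, luring victims to visit the phishing page and download an installer that contains a backdoor.
(ToDesk search results, with the phishing site in second place)
After the victim runs the installer, the backdoor steals the victim's cryptocurrency wallets and browser information, logs keystrokes, and so on. If there is no prospect of stealing coins from the victim, Black Cat drops the XMRig mining trojan component to mine.
(3) Common software spoofed by "Black Cat" and the download addresses
Black Cat has spoofed the download addresses of more than 20 common programs, covering popular office software, cryptocurrency market and trading platforms, and VPN/network accelerator applications. Note that Black Cat is highly skilled at SEO: it not only spoofs websites but also pushes the spoofed addresses onto the first page of search results, and can even hold first or second place for long periods, so victims are very easily caught. Some of the website addresses Black Cat spoofed in 2024 are listed below.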
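Spoofed software | Fake site address | Highest search engine ranking
Chrome browser | http://zh-chrome.com/, https://guge-chrome.com/, https://zh-google.cn/, https://web-chrome.cn, https://chromecn.cn, https://chromem.cn | 1st; still live at time of publication
ToDesk remote control software | https://todesk-zh.com/ | 2nd; still live at time of publication
WPS Office | https://cn-wps.com | 3rd; still live at time of publication
Sogou Input Method (搜狗输入法) | https://sogou-shurufa.com | 3rd; still live at time of publication
i4 Assistant (爱思助手) | https://i4.com.vn/ | 4th; still live at time of publication
Aijiasu VPN (爱加速vpn) | https://zh-aijiasu.com/, https://ajsvpn.com/ | 3rd; still live at time of publication
MEXC one-stop digital asset trading platform | https://zh-mexc.com/ | 7th; still live at time of publication
Potato messaging app | https://zh-potato.com/, https://potato-zh.com/ | 11th; still live at time of publication
Transocks VPN (穿梭VPN) | https://cs-vpn.com/, https://zh-csvpn.com/, https://transocks-vpn.com/ | 4th; still live at time of publication
Feilian VPN (飞连vpn) | https://fl-vpn.com/ | 1st; still live at time of publication
Kuaifan accelerator (快帆加速器) | https://www.qobddze.cn/ | Found by pivoting; no ranking yet
OKX exchange (okx欧易交易所) | https://oeokx.cn/, https://okx-client.cn/, https://zh-okex.cn/ | 4th; still live at time of publication
Gate exchange | https://zh-gateio.cn/ | Found by pivoting; no ranking yet
AICoin | https://www.aicoinzh.com/ | 2nd; still live at time of publication
TradingView | https://tradingview-en.com/, http://ayicoin.com, https://nbxieheng.cn/, https://zh-tradingview.cn/ | 1st; still live at time of publication
Telegram | https://www.telegramef.com/ | 1st; still live at time of publication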
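(4) Remediation recommendations
1. Run a self-check against the IOCs in this article's appendix and block the related malicious domains;
2. Promptly isolate and clean up machines that are already compromised, to eliminate the regulatory compliance problems that outbound connections from compromised machines to malicious domains could cause;
3. Standardize how office software is obtained, tighten software installation policy, and prohibit downloading and installing software on office endpoints through unofficial channels.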
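One way to run the self-check in recommendation 1 against DNS query logs, as an added example that is not part of the original article. It assumes a constructed log format of "timestamp client-ip queried-name", uses only the "heimao-" pattern and a few domains from the table above because the IOC appendix is not reproduced on this page, and all function names are hypothetical:

```python
import re

# From the article: the group's domains include "heimao-<three digits>.com".
HEIMAO_RE = re.compile(r"(?:^|\.)heimao-\d{3}\.com$")

# A few of the fake download sites from the table above (not the full IOC appendix).
FAKE_SITES = {
    "zh-chrome.com", "guge-chrome.com", "todesk-zh.com", "cn-wps.com",
    "sogou-shurufa.com", "zh-okex.cn", "zh-tradingview.cn",
}

def normalize(qname):
    """Lower-case a queried name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")

def classify(qname):
    """Return why a queried name is flagged, or None if it is not flagged."""
    name = normalize(qname)
    if HEIMAO_RE.search(name):
        return "heimao-pattern"
    # Compare every parent suffix so www.<site> matches but <site>.example.org does not.
    labels = name.split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in FAKE_SITES:
            return "fake-download-site"
    return None

def scan(log_lines):
    """Return (client, qname, reason) for each flagged query in the assumed log format."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole scan
        reason = classify(parts[2])
        if reason:
            hits.append((parts[1], normalize(parts[2]), reason))
    return hits

# Constructed sample log; heimao-123.com is a made-up instance of the pattern.
SAMPLE_LOG = [
    "2024-10-23T09:01:02Z 10.0.0.15 www.zh-chrome.com.",
    "2024-10-23T09:01:05Z 10.0.0.15 cdn.heimao-123.com",
    "2024-10-23T09:02:11Z 10.0.0.22 www.google.com",
    "2024-10-23T09:03:40Z 10.0.0.31 zh-chrome.com.example.org",
    "truncated-line",
]
```

Calling `scan(SAMPLE_LOG)` flags the two queries from 10.0.0.15; the client addresses it returns are the hosts to isolate and clean under recommendation 2.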
Cybersecurity jobs available right now: October 23, 2024
Cybersecurity Engineer
Texas Instruments | USA | On-site
As a Cybersecurity Engineer, you will design, implement and maintain cybersecurity controls for security tools to help drive zero trust and secure by design principles across complex environments. Validate and test security configurations and controls to a variety of security (e.g., firewalls, email gateway, WAFs, DLP, endpoint protection, baselines, etc.).
Cyber Security Architect – Product Security
Honeywell | USA | On-site …
The post Cybersecurity jobs available right now: October 23, 2024 appeared first on Help Net Security.
FreeBuf Morning Briefing | Internal personal information leaked from Taiwan's defense department; MIIT minister meets Apple CEO
Showcasing our Industry-First BDR Solution in Singapore
October 2024 marked an exciting time for SquareX as we returned to our home ground, Singapore, for two significant back-to-back events: Cyber Security World Asia (part of Singapore Tech Week) from October 9–10 and GovWare 2024 from October 15–17.
Both prominent cybersecurity events were held at the Sands Expo and Convention Centre and featured leading voices in digital security, policymakers, and professionals across industries. With a combined attendance of over 30,000 people, these events are known for driving innovation and collaboration in cybersecurity.
At both events, SquareX was proud to showcase our industry-first Browser Detection and Response (BDR) solution, which has evolved significantly since our last appearance at GovWare 2023. We engaged with attendees, answered questions about the various use cases across industries, and demonstrated how our browser-native security solution protects employees from modern client-side threats — in a way no other solution has done before.
In addition to thought-provoking discussions, we also distributed exclusive SquareX merchandise to booth visitors, including limited-edition T-shirts, stickers, and copies of Hackers: Superheroes of the Digital Age.
Our Experience at Cyber Security World Asia & GovWare 2024
The SquareX booth was buzzing with activity throughout both events. Visitors were eager to learn more about the practical applications of our industry-first BDR solution, especially as the browser becomes an increasingly large attack surface across sectors. We received insightful questions about how SquareX can be tailored to different organizational needs, from protecting employees from malicious websites, to preventing data leakage and enabling secure browsing for distributed workforces.
Our swag was also a hit, with many attendees complimenting the robot-themed artwork and creative designs we had on display. The interaction with cybersecurity professionals, thought leaders, and industry friends made these two weeks even more fulfilling.
Another highlight was the insightful talk our Chief Architect, Jeswin Mathai, delivered at Cyber Security World Asia 2024, titled “The Silver Bullet in Your Enterprise Defense Strategy: Browser Security Solutions”. Attended by professionals, students, and security researchers, the session explored how SMEs and non-profits can benefit from a browser security solution, as opposed to relying solely on traditional measures like Secure Web Gateways.
Jeswin highlighted the unique advantages of adopting browser-native security, emphasizing how it addresses the gaps in current security infrastructure, especially for resource-constrained organizations. The audience’s engagement demonstrated a growing interest in practical, cutting-edge solutions that go beyond legacy systems.
We were also thrilled to have press coverage, including live interviews with our Product Evangelist Dakshitaa Babu by Cyber Security World Asia, and with our Chief Architect Jeswin by Martin from AOPG (Asia Online Publishing Group). Stay tuned for the full episodes!
Reflections on Two Weeks of Success
Exhibiting at two major events in consecutive weeks was intense, but the energy and interest from attendees made it all worthwhile. The growing awareness and understanding of browser-native security — and the role SquareX plays as a pioneer in this space — was evident from the feedback we received.
For us, these events were not just an opportunity to showcase our solutions but also a chance to learn more about our customers’ needs. Engaging directly with the community gave us valuable insights to refine our approach and further align our messaging.
We wrapped up both conferences with a deep sense of fulfillment, knowing we had spread the word, sparked meaningful conversations and strengthened our ties to the Singaporean cybersecurity community.
We hope everyone who visited our booth at Cyber Security World Asia and GovWare 2024 enjoyed the experience as much as we did. If you’d like to learn more about SquareX and how our Browser Detection and Response solution can protect your organization, contact us today to schedule an obligation-free pilot!
Showcasing our Industry-First BDR Solution in Singapore was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post Showcasing our Industry-First BDR Solution in Singapore appeared first on Security Boulevard.
A New Chapter for Autumn | Tencent Video dedicated crowdsourced testing campaign launches!
Most women in IT work overtime to advance in their careers
As a historically male-dominated industry, many IT companies have been described as having limited career development opportunities for female employees, according to Acronis. Issues like lack of mentorship, inadequate policies for work-life balance, and sometimes even a culture of exclusion have contributed to this. To gain insight into the current state of gender diversity in IT, Acronis commissioned a survey of full-time female employees to gauge their sentiments on equality in the IT industry and …
The post Most women in IT work overtime to advance in their careers appeared first on Help Net Security.
Exploring the Latest Security Innovations at Hardwear.io
Showcasing the latest innovations in hardware security, experts from more than 100 companies worldwide have gathered this week at Hardwear.io in Amsterdam. The annual event and hardware hackathon examines current and future challenges and solutions in hardware security.