Latest news with #PositiveTechnologies
Forbes
5 days ago
- Forbes
Google Chrome Warning—Do Not Ignore 7 Day Update Deadline
New Chrome warning for 2 billion users. New warnings have been issued for Chrome's 3 billion users, emphasizing the need to keep browsers updated at all times. Google has just issued a new update, which fixes two high-severity vulnerabilities and should be installed right away. More critically, an ongoing update mandate deadline in now just 7 days away. America's cyber defense agency warns Chrome 'contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.' CISA says update before June 26 or stop using Chrome. The formal mandate applies just to federal employees, but CISA operates 'for the benefit of the cybersecurity community and network defenders — and to help every organization better manage vulnerabilities and keep pace with threat activity.' That means all organizations should take note of this deadline and adhere if possible. That should be evident anyway, but a new warning has just detailed exploitation of a Google Chrome zero-day disclosed earlier this year. Kaspersky discovered 'a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers' website was opened using the Google Chrome web browser.' Now, Positive Technologies says its Threat Intelligence Department 'analyzed an attack that exploited [this] zero-day vulnerability (sandbox escape)' dating back to 2024. As I warned when CVE-2025-2783 was first disclosed, Google quickly released an emergency update and then CISA issued a 21-day update mandate. The current CISA update mandate is for CVE-2025-5419, which is also an 'out-of-bounds read and write in V8,' a similar memory issue to the integer overflow and use after free vulnerabilities patched this week, albeit those do not have known exploits as yet. We're two weeks into CISA's mandate, and so this is the period of maximum risk. Ensure your browsers are updated — which means restarting when it downloads. While home users should adhere to CISA warnings, it's more critical for enterprises likely to come under attack from sophisticated phishing campaigns exploiting these vulnerabilities. Remember, once the flaw is made public, it's a race against time for attackers to use it or lose it when browsers are patched. Do that right away.
Mid East Info
6 days ago
- Business
- Mid East Info
Positive Technologies identifies key cyberthreats for financial companies in 2025–2026 - Middle East Business News and Information
Positive Technologies has outlined the major cyberthreats that the financial sector may face in the coming years. These include ransomware attacks, malicious use of QR codes, exploitation of API vulnerabilities, DDoS campaigns, and attacks targeting suppliers and partners. These conclusions are based on the company's analysis of security incidents and publicly available data concerning threats to banks and other financial institutions. The financial sector remains one of the top five most targeted industries by cybercriminals, according to Positive Technologies data for the period from 2024 to Q1 2025. In 67% of successful cyberattacks, attackers stole data and used it to blackmail victims by threatening to delete or expose the information. Another 26% of incidents caused operational disruptions, while 5% resulted in financial theft. Social engineering was used in 57% of successful cyberattacks on financial organizations in 2024. Positive Technologies analysts predict that such incidents will continue to rise as cybercriminals leverage the generative capabilities of artificial intelligence (AI) to craft convincing phishing emails. On the defensive side, security teams are also expected to use AI to detect AI-generated malicious content. The growing use of application programming interfaces (APIs) poses significant risks. Without adequate security measures, APIs could become an entry point for cybercriminals. This risk is exacerbated by the proliferation of shadow APIs, which often lack proper protection, and the widespread adoption of AI in the financial sector. According to a report by Wallarm, the number of vulnerable AI-enabled APIs increased tenfold in 2024. Another key cyberthreat in 2025–2026 will be the growing number of attacks on contractors and suppliers. Cybercriminals are likely to target less secure partners to gain access to larger financial organizations. Small and medium-sized businesses may also be affected, especially if attackers fail to reach their main targets. Roman Reznikov, Cybersecurity Research Analyst at Positive Technologies, says: 'Cybercriminals continue to exploit legitimate and widely used tools in fraudulent schemes. For example, attacks involving QR codes have become more frequent. Hackers replace legitimate QR codes with malicious ones in public spaces and bypass email security by taking advantage of the difficulty in detecting QR codes within messages. In the future, we may see malware capable of altering QR codes directly on device screens during payment. That's why it's important to be careful with QR codes and avoid scanning ones from unknown or suspicious sources. At the same time, defensive measures are evolving too. For instance, a company can protect itself from emails containing malicious QR codes by using PT Sandbox, which identifies QR codes in email images and attachments, extracts the embedded links, and checks them for malicious activity.' The access-as-a-service market presents another serious challenge. Positive Technologies reports that nearly 9% of dark web listings for access sales are related to the financial sector. This market is expected to grow as new technologies lower the barriers to entry into cybercrime. Inexperienced attackers may sell discovered access points to more skilled cybercriminals. Ransomware attacks are also projected to increase. Cybercriminals have begun demanding ransoms lower than the potential fines for data breaches. Analysts anticipate this tactic will become more common in countries with turnover-based fines such as Russia, Brazil, and China. DDoS campaigns will continue to pose a significant threat to the financial sector in 2025. Hackers are expected to create massive botnets of compromised IoT devices and use AI to launch adaptive attacks that respond to victims' countermeasures. To protect against these evolving threats, financial organizations must adopt a comprehensive cybersecurity strategy built on advanced tools, including: next-generation firewalls (NGFWs) like PT NGFW to prevent cyberattacks and enforce security policies; web application firewalls (WAFs) such as PT Application Firewall for detecting and blocking attacks, including threats from the OWASP Top 10 list; SIEM systems, including tools like MaxPatrol SIEM, to identify malicious activity across infrastructure and endpoints, integrated with EDR solutions like MaxPatrol EDR. In addition, sandboxes (such as PT Sandbox) and NTA or NDR systems (like PT NAD) should be used to protect against malware and detect hacker movement within the network.
Time of India
15-06-2025
- Business
- Time of India
Technological cooperation as the basis of digital sovereignty
The international cybersecurity festival Positive Hack Days, hosted by Positive Technologies , a leader in result-driven cybersecurity, took place in Moscow's Luzhniki sports complex on May 22–24. The event was supported by the Ministry of Digital Development of Russia. The Moscow Government acted as a strategic partner: this year's cyberfestival received support from the Social Development Complex , the Department of Information Technology, and the Department of Entrepreneurship and Innovative Development. Delegations from over 40 countries, including Latin America, Africa, Asia, and the Middle East, participated at the cybersecurity forum. Among the participants were representatives of government bodies and cybersecurity agencies, business leaders, renowned tech experts, software developers, and ethical hackers. This PHDays Fest has been the largest in its history since 2011. Over 150,000 people visited the three-day event, with more than 180,000 viewers tuning in online. The technical sessions were grouped in 26 tracks and featured 270 talks covering key cybersecurity issues. More than 500 speakers participated in the festival, ranging from budding tech enthusiasts to top specialists, CIOs, and CISOs of major IT companies. Geopolitical confrontations have exposed the problem of the world's digital architecture: dominant control by large vendors and the infringement of individual countries' interests through restricted access to technology and equipment. Global tech giants wield enormous influence; dependence on them can paralyze a national economy and undermine technological sovereignty. It was previously believed that there were hardly any worthy alternatives to their solutions in the global market. However, Russia managed to maintain digital sovereignty by combining the efforts of government agencies and strong domestic vendors: since 2022, it has been rapidly developing its own technologies, solutions, and services with a focus on security. Having successfully mastered these challenges, Russia can share its unique experience in achieving digital autonomy with friendly countries and partners. An innovative idea on how to achieve digital sovereignty was proposed at PHDays Fest by Positive Technologies. The concept is based on the idea that strategic cooperation and mutual exchange of expertise can become a source of strength. For example, when developing technologies or products, partners depend on each other only in terms of sharing knowledge and practical experience. Such synergy can be achieved by moving away from the traditional schemes of importing IT and cybersecurity solutions, which plunge countries into complete dependence on suppliers. Instead, cooperative partners, whether countries or commercial enterprises, can progress together by complementing each other. The concept was positively received by Russian experts and supported by delegates from other countries. Positive Technologies declared its willingness not only to launch this initiative, but also to take a leading role in its implementation. The company's experts are ready to openly share their unique experience in the field of cybersecurity, accumulated over more than two decades, with friendly countries. They offer practical expertise in protecting individual facilities and entire economic sectors, as well as methods for developing effective cybersecurity systems. To foster the growth of local professional talent, the company will act as a mentor and allocate resources to train and upskill cybersecurity specialists and ethical hackers. Positive Technologies also intends to develop local expert communities. This way, the vendor will help partners establish the necessary technological foundation and properly build a sovereign cybersecurity industry, which the partners will be able to maintain and improve independently, relying on their own well-trained and highly qualified specialists. The company took its first steps in this direction in 2024, specifically by launching an international training program for cybersecurity professionals. In addition, Positive Technologies helps to enhance the competencies of cybersecurity leaders in financial institutions of the Gulf countries to better protect the local financial sector. The idea of co-developing new digital architectures that would be based on security principles and prevent situations where a few large vendors have unlimited power, as well as the idea of working together to fill the gaps in cybersecurity education through expertise transfer were consistent themes throughout the forum sessions during the festival. The business program included over a dozen discussions and plenary sessions. International participants particularly noted the relevance and global significance of the issues raised. 'Attending Positive Hack Days has been an eye-opening experience, especially for professionals in the BFSI (Banking, Financial Services, and Insurance) sector. The intricate discussions and hands-on demonstrations of modern cyber threats targeting financial institutions have underlined the urgent need for robust cybersecurity measures,' said Rajender Kumar, General Manager, Risk Monitoring Department , Reserve Bank of India . 'The Standoff format is particularly impactful, as it provides a hyperrealistic simulation of attacks and defenses in critical infrastructures, including those relevant to banking and financial systems. Observing the strategies employed by both red and blue teams has offered invaluable insights into how attackers exploit vulnerabilities and how defenders can effectively respond. One of the standout topics has been ATM security, where new vulnerabilities and advanced protective measures were showcased. The knowledge gained here is crucial for enhancing the resilience of ATM networks and safeguarding financial transactions from sophisticated cyberattacks. Positive Hack Days can serve as a vital platform for global collaboration, learning, and innovation in the fight against cyberthreats in the BFSI sector.' Abhishek Kumar, CEO of Dievas Technologies (India) added, 'Positive Hack Days is a remarkable platform for cybersecurity professionals to explore cutting-edge solutions and collaborate on tackling modern cyber threats. The Standoff format provides a unique, hands-on experience in defending critical infrastructures, a skill that is crucial across industries like finance, healthcare, and energy. At Dievas Technologies, we are committed to advancing cybersecurity solutions, and the insights gained from PHDaysenhance our ability to deliver robust threat detection and response services. Events like this drive innovation and strengthen global resilience against cyber risks.' Digital sovereignty: eliminating dependency through international cooperation The subject of the plenary session opening the forum was digital sovereignty—the ability of a country to ensure its technological independence and security. As emphasized by Maksut Shadayev, the Russian Minister of Digital Development, this primarily means protecting the interests of users and national security, regardless of external pressure. In his opinion, special attention should be given to the uninterrupted operation of services and maintaining citizens' access to advanced technologies. Eduardo Villegas Megías, the Ambassador Extraordinary and Plenipotentiary of Mexico to Russia, confirmed that the issue of technological dependency is global in nature. As the diplomat noted, technological lag is embedded at a fundamental level. Even when working with popular programming languages like Python , strong English skills are required. This creates a sense of dependency and additional barriers to technological development. The energy sector is facing especially serious challenges in the current geopolitical situation, according to Russian Energy Minister Sergey Tsivilev. The far-reaching digitalization of the industry, on the one hand, opens up new opportunities, but on the other, makes it a target for cyberattacks. However, if a country isolates itself within its national borders, it will be left behind in the face of rapid technological advancement. To ensure the industry's competitive position, the Ministry of Energy has developed a 2050 strategy that aims to create world-leading technologies. However, no single country can ensure full technological security on its own. International exchange of experience and collaborative development of solutions are essential, according to Ahmed Mustafa Al-Issawi, Director of the Personal Office of Sheikh Suheimbin Ahmed Al Thani and Investment Director of Al Adid Business. Qatar is actively developing as an international hub for technological innovation, bringing together leading companies in the fields of cybersecurity and big data. Special attention is given to educational programs: scholarship initiatives enable students to study cybersecurity at universities in various countries, including Russia. Having originated from a community of hacking enthusiasts, the cybersecurity industry has maintained a spirit of cooperation: fundamental interests of different companies often align despite the competitive environment. The annual PHDays Fest shows that even competing companies can work together effectively to address common challenges related to digital sovereignty.
Khaleej Times
08-06-2025
- Sport
- Khaleej Times
Why this Russian hackathon draws cybersecurity professionals from Middle East
Under the bright Moscow sunlight, the majestic Luzhniki Stadium, which famously hosted the 1980 Summer Olympics and the final of the 2018 Fifa World Cup, opened its doors to tech experts for a high-profile international cybersecurity festival last month. Arenas such as the Luzhniki Stadium resemble a cauldron in the middle of a sporting slugfest. But during the three-day festival (May 22-24), one of the world's most iconic sporting venues seemed like an exhibition centre where thousands of people arrived to get a glimpse of the latest advancements in the war on cyberattacks. The irony was not lost on footballing connoisseurs as it was at the Luzhniki Stadium that the video referral technology was used for the first time in a Fifa World Cup when the Kylian Mbappe-inspired France were awarded a penalty during their 4-2 victory in the final against Croatia after a VAR (Video Assistant Referee) consultation by Argentinian on-field referee Nestor Pitana. While technology has played a big role in neutralising human errors from referees, umpires and line judges in the sporting world, it can cripple human life when hackers penetrate computer systems. Given that context, Positive Hack Days (PHD), the cybersecurity festival hosted by Positive Technologies, is a significant platform for a secure digital future. The event — supported by the Ministry of Digital Development of Russia — saw prominent government officials, cybersecurity experts and ethical hackers from Asia, South America, Africa, and the Middle East share their knowledge on countermeasures against threats posed by hackers. Ali Azzam, the Egypt-based Vice President of Mideast Communication Systems, underlined the importance of cybersecurity festivals such as the PHD in the current global environment. 'As the official distributor of Positive Technologies in the Middle East and Africa, we are thrilled to be attending Positive Hack Days Fest. This is our second time participating in this event, and it provides a fantastic opportunity to connect with cybersecurity experts from around the world,' Azzam said. 'Positive Technologies offers a range of unique cybersecurity solutions and has significant strengths and key advantages in various sectors. We believe it is essential for us to encourage Egyptians to attend this festival, as they can gain valuable insights that can be applied to the Middle Eastern industries.' With more than 150,00 visitors and 180,000 online viewers, the 2025 edition of the Positive Hack Days was the biggest since its inception in 2011. Among the attendees was Tushar Dinesh Vartak, Chief Information Security Officer of the UAE's RAKBank. 'Today's cybersecurity leaders must speak the language of top management and understand business processes to implement proactive, business-aligned security strategies,' Vartak said. Vikneswaran Rajagopalan, a Dubai-based cybersecurity professional, revealed why it was so important to attend this cybersecurity festival in Moscow. 'Two years ago we started focusing more on OT (Operational Technology). We have a protected system, but attacks are still happening. So that's why it's one of the reasons for us to be here at this festival to look at the new inventions and learn about the new roadmaps and how we can adapt all that to our system for better security,' Rajagopalan said during a media roundtable at Luzhniki Stadium on the first day of the festival. 'We are well aware of this annual event for a long time. It's one of the biggest hackathon events in the world. It's very important for us to be here and understand how the technology grows. 'And Russia is well-known for ethical hackers. So we are here to understand the new solutions so we can serve the customers even better and prevent the attacks.' The festival also threw light on AI-driven fraud and the importance of regulatory reforms for business strategies. 'Today if you look at it, AI is the buzzword, everything revolves around AI. If I look at Positive Technologies, and I have been working with them for quite a long time, their research team is using the technology properly and it is giving very good results,' said Rajagopalan. Hundreds of professionals from corporate houses across the world attended the event. While they compete for the attention of clients in the cut-throat world of business, what binds them together is the need for a secure digital future. 'The solution lies in jointly building a new digital architecture where collaboration becomes a strategic advantage, not dependency,' said Yury Maksimov, co-founder of Cyberus.
Tahawul Tech
30-05-2025
- General
- Tahawul Tech
'Our mission is to develop highly skilled cybersecurity professionals who can protect their nations' digital sovereignty.' – Yuliya Danchina, Positive Technologies
Positive Technologies is on a mission to equip the next-generation of cybersecurity professionals with the skills needed to help nations protect their digital sovereignty, following the official launch of their Positive Hack Camp, which runs from July 26 to August 10th. Positive Hack Camp combines intensive training in ethical hacking, real-world practical exercises, and international experience sharing. Prospective applicants must submit their registration before June 15. Positive Hack Camp is a global educational initiative by Positive Technologies with the support of the Russian Ministry of Digital Development and CyberEd, a partner of the Cyberus foundation. The program brings together young professionals from around the world, offering them top-tier, hands-on experience from Positive Technologies, a leader in result-driven cybersecurity. Last year's cyber camp brought together over 70 participants from 20 countries across Africa, Asia, Latin America, and the Middle East. From July 26 to August 10, over 100 future cybersecurity leaders will engage in training sessions, hands-on labs, and workshops based on real-world cybersecurity challenges. The program will be led by white-hat hackers from Positive Technologies – researchers credited with discovering thousands of critical vulnerabilities. Their findings have contributed to enhanced security for companies such as Apple, Cisco, Dell, Google, IBM, Microsoft, Mitsubishi, Oracle, and PayPal. Beyond training, the camp offers cultural tours, cross-border networking, and friendship-building activities – creating a global cybersecurity community. 'Positive Hack Camp is a unique program uniting talents to build a more secure digital future. Our mission is to develop highly skilled cybersecurity professionals who can protect their nations' digital sovereignty. Through intensive training and hands-on sessions, participants learn to prevent, detect, and combat cyberthreats. As a leader in result-driven cybersecurity, Positive Technologies is proud to share our expertise with the global community', – Yuliya Danchina, Positive Technologies Customer and Partner Training Director, Head of Positive Education. This program, conducted in English, is for students and young professionals over 18, who are aspiring ethical hackers, ready to grow fast and build international contacts. Safety, food, accommodation, and chaperoning for the participants are included. Applications must be submitted on the official website by June 15, 2025.
