Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Státní hackery prověří detektor lži, prohlásil Beroun

Novinky.cz - bezpečnost - 25 Červen, 2017 - 10:44
Ředitel Vojenského zpravodajství Jan Beroun odmítá kritiku, že tajná služba získá s novým zákonem, který jí umožní sledovat internet, nekontrolovanou moc. Dohled vlády a parlamentu podle něj posílí i to, že všichni zaměstnanci centra kybernetické obrany neboli státní hackeři budou muset projít detektorem lži.
Kategorie: Hacking & Security

Britský parlament se stal terčem kybernetického útoku

Novinky.cz - bezpečnost - 24 Červen, 2017 - 17:58
Britský parlament se stal terčem kybernetického útoku. Někdo se pokusil vniknout do osobních účtů, sdělil v sobotu BBC zdroj z Dolní sněmovny. Kvůli snaze o vyřešení problému zákonodárci přišli o vzdálený přístup do své elektronické pošty, informovala agentura Reuters.
Kategorie: Hacking & Security

Dva mladíci útočili na Microsoft. Nedopadlo to dobře

Novinky.cz - bezpečnost - 24 Červen, 2017 - 15:57
Dva mladí hackeři z Anglie se snažili zaútočit na servery amerického Microsoftu s jediným cílem – ukrást citlivá data zákazníků tohoto softwarového gigantu. Jejich snažení však bylo neúspěšné, a co hůř, oba skončili v rukách policie. Upozornil na to server The Hacker News.
Kategorie: Hacking & Security

Microsoft's Private Windows 10 Internal Builds and Partial Source Code Leaked Online

The Hacker News - 24 Červen, 2017 - 13:09
A massive archive of Microsoft's top-secret Windows 10 builds, and the source codes for private software has been reportedly leaked online, which could lead to a nasty wave of Windows 10 exploits, journalist at the Reg claims. The Leaked files – uploaded on BetaArchive website – contains more than 32 terabytes of data, which includes many non-public Windows 10 and Windows Server 2016 builds
Kategorie: Hacking & Security

Obama reportedly ordered implants to be deployed in key Russian networks

Ars Technica - 23 Červen, 2017 - 22:51

Enlarge (credit: Wikimedia Commons/Maria Joner)

In his final days as the 44th president of the United States, Barack Obama authorized a covert hacking operation to implant attack code in sensitive Russian networks. The revelation came in an 8,000-word article The Washington Post published Friday that recounted a secret struggle to punish the Kremlin for tampering with the 2016 election.

According to Friday's article, the move came some four months after a top-secret Central Intelligence Agency report detailed Russian President Vladimir Putin's direct involvement in a hacking campaign aimed at disrupting or discrediting the presidential race. Friday's report also said that intelligence captured Putin's specific objective that the operation defeat or at least damage Democratic candidate Hillary Clinton and help her Republican rival Donald Trump. The Washington Post said its reports were based on accounts provided by more than three dozen current and former US officials in senior positions in government, most of whom spoke on the condition of anonymity.

In the months that followed the August CIA report, 17 intelligence agencies confirmed with high confidence the Russian interference. After months of discussions with various advisors, Obama enacted a series of responses, including shutting down two Russian compounds, sanctioning nine Russian entities and individuals, and expelling 35 Russian diplomats from the US. All of those measures have been known for months. The Post, citing unnamed US officials, said Obama also authorized a covert hacking program that involved the National Security Agency, the CIA, and the US Cyber Command. According to Friday's report:

Read 1 remaining paragraphs | Comments

Kategorie: Hacking & Security

Siemens Patches Vulnerabilities in SIMATIC CP, XHQ

Threatpost - 23 Červen, 2017 - 20:07
Siemens patched two vulnerabilities in products, SIMATIC CP and XHQ, commonly found in industrial control system setups this week
Kategorie: Hacking & Security

Few Victims Reporting Ransomware Attacks to FBI

Threatpost - 23 Červen, 2017 - 19:34
The FBI's Internet Crime Complaint Center (IC3) identified ransomware as one of 2016's top threats, but a relatively small number of attacks were reported.
Kategorie: Hacking & Security

News in brief: drone chiefs urge regulation; Microsoft drops SMB1; Virgin router warning

Sophos Naked Security - 23 Červen, 2017 - 18:18
Your daily round-up of some of the other stories in the news

Threatpost News Wrap, June 23, 2017

Threatpost - 23 Červen, 2017 - 17:30
Mike Mimoso and Chris Brook discuss the news of the week, including Citizen Lab's latest report, WannaCry hitting Honda, GhostHook, and Fireball.
Kategorie: Hacking & Security

NSA Advocates Data Sharing Framework

Threatpost - 23 Červen, 2017 - 16:04
Fighting attackers needs a new approach that leverages a public-private data sharing framework, enabling immediate and collective responses.
Kategorie: Hacking & Security

Russia ‘targeted 21 states’ during US election campaign, says official

Sophos Naked Security - 23 Červen, 2017 - 15:52
Homeland Security official declines to reveal more to Senate hearing as details emerge of hacking attempts in Illinois and Arizona

Check Point says Fireball malware hit 250 million; Microsoft says no

Ars Technica - 23 Červen, 2017 - 14:00

Enlarge (credit: Corinne Kuhlmann)

Microsoft sparked a curious squabble over malware discovery and infection rates. At the start of the month security firm Check Point reported on a browser hijacker and malware downloader called Fireball. The firm claimed that it had recently discovered the Chinese malware and that it had infected some 250 million systems.

Today, Microsoft said no. Redmond claimed that actually, far from being a recent discovery, it had been tracking Fireball since 2015 and that the number of infected systems was far lower (though still substantial) at perhaps 40 million.

The two companies do agree on some details. They say that the Fireball hijacker/downloader is spread through being bundled with programs that users are installing deliberately. Microsoft further adds that these installations are often media and apps of "dubious origin" such as pirated software and keygens. Check Point says that the software was developed by a Chinese digital marketing firm named Rafotech and fingers similar installation vectors; it piggy backs on (legitimate) Rafotech software and may also be spread through spam, other malware, and other (non-Rafotech) freeware.

Read 5 remaining paragraphs | Comments

Kategorie: Hacking & Security

Ransomware revisited – is it really the worst sort of malware? [Security SOS Week]

Sophos Naked Security - 23 Červen, 2017 - 13:13
Join us for the last webinar in our Security SOS Week - we take a look at ransomware... and all the other malware nasties that roam the net.

Dating app boss sees ‘no problem’ on face-matching without consent

Sophos Naked Security - 23 Červen, 2017 - 13:12
'When you have a bunch of single guys in the office, it goes in that direction', says Dating.AI founder as he dismisses concerns about scraping other dating apps for faces for users to match

Two British Men Arrested For Hacking Microsoft

The Hacker News - 23 Červen, 2017 - 12:22
British police have arrested two men in the UK conspiring to hack into the computer networks of US tech giant Microsoft with plans to steal customers’ data from the software giant. The suspects — 22-year-old from Sleaford and a 25-year-old from Bracknell — were arrested by the detectives from the Britain's South East Regional Organised Crime Unit (SEROCU) Thursday morning (22 June 2017). The
Kategorie: Hacking & Security

Researcher calls the fuzz on OpenVPN, uncovers crashy vulns

LinuxSecurity.com - 23 Červen, 2017 - 11:51
LinuxSecurity.com: OpenVPN has patched a bunch of security vulnerabilities that can be exploited to crash the service or, at a pinch, potentially gain remote-code execution. You should update your installations to versions 2.4.3 or 2.3.17 as soon as you can just to be on the safe side.
Kategorie: Hacking & Security

8 Hot Hacking Tools to Come out of Black Hat USA

LinuxSecurity.com - 23 Červen, 2017 - 11:49
LinuxSecurity.com: Late July and early August are a bit like summer camp and Christmas rolled into one for your typical white hat penetration tester. Not only does the yearly Black Hat USA confab in Vegas give them the opportunity to step away from the keyboard to share ideas and socialize with like-minded friends and colleagues, but it also usually provides a cornucopia of new tools for hacking the heck out of enterprise systems.
Kategorie: Hacking & Security

Vyděračský virus napadl továrnu Hondy

Novinky.cz - bezpečnost - 23 Červen, 2017 - 09:52
V posledních týdnech nebylo o vyděračském viru WannaCry takřka slyšet. To ale neznamená, že by se i nadále nešířil internetem, právě naopak. Tomuto nezvanému návštěvníkovi se dokonce podařilo zavirovat důležité systémy v jedné japonské továrně automobilky Honda. Ta tak musela být uzavřena.
Kategorie: Hacking & Security

New GhostHook Attack Bypasses Windows 10 PatchGuard Protections

The Hacker News - 23 Červen, 2017 - 07:49
Vulnerabilities discovered in Microsoft PatchGuard kernel protection could allow hackers to plant rootkits on computers running the company's latest and secure operating system, Windows 10. Researchers at CyberArk Labs have developed a new attack technique which could allow hackers to completely bypass PatchGuard, and hook a malicious kernel code (rootkits) at the kernel level. PatchGuard,
Kategorie: Hacking & Security

How the CIA infects air-gapped networks

Ars Technica - 23 Červen, 2017 - 01:55

Enlarge / A configuration screen found in the Drifting Deadline exploit. (credit: WikiLeaks)

Documents published Thursday purport to show how the Central Intelligence Agency has used USB drives to infiltrate computers so sensitive they are severed from the Internet to prevent them from being infected.

More than 150 pages of materials published by WikiLeaks describe a platform code-named Brutal Kangaroo that includes a sprawling collection of components to target computers and networks that aren't connected to the Internet. Drifting Deadline was a tool that was installed on computers of interest. It, in turn, would infect any USB drive that was connected. When the drive was later plugged into air-gapped machines, the drive would infect them with one or more pieces of malware suited to the mission at hand. A Microsoft representative said none of the exploits described work on supported versions of Windows.

The infected USB drives were at least sometimes able to infect computers even when users didn't open any files. The so-called EZCheese exploit, which was neutralized by a patch Microsoft appears to have released in 2015, worked any time a malicious file icon was displayed by the Windows explorer. A later exploit known as Lachesis used the Windows autorun feature to infect computers running Windows 7. Lachesis didn't require Explorer to display any icons, but the drive letter the thrumbdrive was mounted on had to be included in a malicious link. The RiverJack exploit, meanwhile, used the Windows library-ms function to infect computers running Windows 7, 8, and 8.1. Riverjack worked only when a library junction was viewed in Explorer.

Read 4 remaining paragraphs | Comments

Kategorie: Hacking & Security
Syndikovat obsah