Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data

The Hacker News - 21 April, 2018 - 16:05
Not just Facebook, a new vulnerability discovered in LinkedIn's popular AutoFill functionality has been found leaking its users' sensitive information to third-party websites without the user even knowing about it. LinkedIn has provided an AutoFill plugin for a long time that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, phone number, email address,
Category: Hacking & Security

Cybercrime Economy Generates $1.5 Trillion a Year

LinuxSecurity.com - 21 April, 2018 - 12:33
LinuxSecurity.com: If cybercrime was a country, it would have the 13th highest GDP in the world. Attackers generate $1.5 trillion in annual profit, which is about equal to the GDP of Russia, according to a new study on the interconnected economy of cybercrime.
Category: Hacking & Security

British Schoolboy Who Hacked CIA Director Gets 2-Year Prison Term

The Hacker News - 21 April, 2018 - 12:29
The British teenager who managed to hack into the online accounts of several high-profile US government employees was sentenced to two years in prison on Friday. Kane Gamble, now 18, hacked into email accounts of former CIA director John Brennan, former Director of National Intelligence James Clapper, former FBI Deputy Director Mark Giuliano, and other senior FBI officials—all from his parent's
Category: Hacking & Security

Email attacks continue to cause headaches for companies

LinuxSecurity.com - 21 April, 2018 - 12:23
LinuxSecurity.com: Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a report by F-Secure.
Category: Hacking & Security

Leveraging AI to protect our users and the web

Google Security Blog - 20 April, 2018 - 22:12
Posted by Elie Bursztein, Anti-Abuse Research Lead - Ian Goodfellow, Adversarial Machine Learning Research Lead

Recent advances in AI are transforming how we combat fraud and abuse and implement new security protections. These advances are critical to meeting our users’ expectations and keeping increasingly sophisticated attackers at bay, but they come with brand new challenges as well.

This week at RSA, we explored the intersection between AI, anti-abuse, and security in two talks.

Our first talk provided a concise overview of how we apply AI to fraud and abuse problems. The talk started by detailing the fundamental reasons why AI is key to building defenses that keep up with user expectations and combat increasingly sophisticated attacks. It then delved into the top 10 anti-abuse specific challenges encountered while applying AI to abuse fighting and how to overcome them. Check out the infographic at the end of the post for a quick overview of the challenges we covered during the talk.

Our second talk looked at attacks on ML models themselves and the ongoing effort to develop new defenses.

It covered attackers’ attempts to recover private training data, to introduce examples into the training set of a machine learning model to cause it to learn incorrect behaviors, to modify the input that a machine learning model receives at classification time to cause it to make a mistake, and more.

Our talk also looked at various defense solutions, including differential privacy, which provides a rigorous theoretical framework for preventing attackers from recovering private training data.

Hopefully you were able to join us at RSA! But if not, here is a re-recording and the slides of our first talk on applying AI to abuse-prevention, along with the slides from our second talk about protecting ML models.

Category: Hacking & Security

CISSP: Development Environment Security Controls

InfoSec Institute Resources - 20 April, 2018 - 21:15

Introduction: Cloud computing and mobile applications are radically changing the way we do business. Enterprises are building applications more rapidly than ever before, often using Agile development processes and then expanding their internal development programs with third-party software and open-source libraries and components that increase the overall threat exposure cumulatively. An application or software “vulnerability” […]

The post CISSP: Development Environment Security Controls appeared first on InfoSec Resources.

CISSP: Development Environment Security Controls was first posted on April 20, 2018 at 2:15 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

How To Become CISA Certified – Certification Requirements

InfoSec Institute Resources - 20 April, 2018 - 19:18

Introduction: CISA certification is designed for professionals who want to showcase their knowledge and experience in information system (IS) control, assurance and security. This certification by ISACA is globally recognized and is considered to be the gold standard. Having a certification like CISA gives you all the credibility you need to move forward in your […]

The post How To Become CISA Certified – Certification Requirements appeared first on InfoSec Resources.

How To Become CISA Certified – Certification Requirements was first posted on April 20, 2018 at 12:18 pm.
Category: Hacking & Security

Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats

Threatpost - 20 April, 2018 - 17:39
Andy Ellis, CSO Akamai, discusses how the company works with others within the cybersecurity landscape to help keep the internet safe.
Category: Hacking & Security

Podcast: How Millions of Apps Leak Private Data

Threatpost - 20 April, 2018 - 17:24
Threatpost's Tom Spring talked to Roman Unuchek, senior malware analyst at Kaspersky Lab, about his discoveries this week at the RSA Conference.
Category: Hacking & Security

HackerOne CEO Talks Bug Bounty Programs at RSA Conference

Threatpost - 20 April, 2018 - 15:03
Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?
Category: Hacking & Security

RSA Conference has a leaky app… again!

Sophos Naked Security - 20 April, 2018 - 14:55
Cybersecurity conferences don't always practise what they preach.

Kingpin who made 100 million robocalls loses his voice

Sophos Naked Security - 20 April, 2018 - 14:45
The man behind a cacophony of robocalls had little to say for himself on Capitol Hill

Chrome anti-phishing protection… from Microsoft!

Sophos Naked Security - 20 April, 2018 - 14:30
If you can't beat 'em, join 'em.

Critical Unpatched RCE Flaw Disclosed in LG Network Storage Devices

The Hacker News - 20 April, 2018 - 14:22
If you have installed a network-attached storage device manufactured by LG Electronics, you should take it down immediately, read this article carefully and then take appropriate action to protect your sensitive data. A security researcher has revealed complete technical details of an unpatched critical remote command execution vulnerability in various LG NAS device models that could let
Category: Hacking & Security

LinkedIn Fixes User Data Leak Bug

LinuxSecurity.com - 20 April, 2018 - 13:26
LinuxSecurity.com: LinkedIn has quietly patched a vulnerability which could have allowed malicious third parties to steal members' personal data.
Category: Hacking & Security

How porn bots abuse government websites

Sophos Naked Security - 20 April, 2018 - 13:23
Bots run by shady websites are creating thousands of phantom pages

GitHub: New copyright rules could strangle software development

LinuxSecurity.com - 20 April, 2018 - 13:20
LinuxSecurity.com: Developer platform GitHub has warned that plans to stop copyright infringements online could have a major impact on open-source software development.
Category: Hacking & Security

Hackers managed to steal a casino's database through a smart thermostat in an aquarium

Zive.cz - security - 20 April, 2018 - 08:30
It is said more and more often that the Internet of Things will be the next big security risk, because smart refrigerators, toys and similar items generally do not have extensive security. A shining example now is a Las Vegas casino: hackers stole important data from it through a smart thermostat in ...
Category: Hacking & Security

Over 20 Million Users Installed Malicious Ad Blockers From Chrome Store

The Hacker News - 20 April, 2018 - 04:48
If you have installed any of the below-mentioned ad blocker extensions in your Chrome browser, you could have been hacked. A security researcher has spotted five malicious ad blocker extensions in the Google Chrome Store that had already been installed by at least 20 million users. Unfortunately, malicious browser extensions are nothing new. They often have access to everything you do online
Category: Hacking & Security

IoT Security Concerns Peaking – With No End In Sight

Threatpost - 19 April, 2018 - 19:17
Despite numerous talks about IoT vulnerabilities at RSAC this week, a clear resolution on fixes is nowhere in sight.
Category: Hacking & Security