Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


LinkedIn ignored a security flaw, reports the man who hacked Mark Zuckerberg's profile

Zive.cz - security - 8 hours 39 min ago
Palestinian IT expert Khalil Shreateh has found himself in the same situation as years ago. He discovered a security flaw in the professional network LinkedIn, reported it, and the company refused to fix it. The same thing once happened to him with Facebook. Shreateh came to the media's attention four years ago. He discovered ...
Category: Hacking & Security

Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords

The Hacker News - 16 December, 2017 - 09:36
If you are running Windows 10 on your PC, then there are chances that your computer contains a pre-installed 3rd-party password manager app that lets attackers steal all your credentials remotely. Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new "suggested apps" without asking for users’
Category: Hacking & Security

Top 10 Ways Your Healthcare Organization May be Violating HIPAA and Not Know It

InfoSec Institute Resources - 16 December, 2017 - 02:49

HIPAA legislation was established by the US Federal Government in 1996. These are rules and standards designed to protect the security and privacy of patient health information. It has implemented national requirements for organizations and individuals designed to enforce certain technical, physical and administrative safeguards to maintain the integrity, availability, and confidentiality of protected health […]

The post Top 10 Ways Your Healthcare Organization May be Violating HIPAA and Not Know It appeared first on InfoSec Resources.

Top 10 Ways Your Healthcare Organization May be Violating HIPAA and Not Know It was first posted on December 15, 2017 at 7:49 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

Top 10 Ways to Make Sure Your BYOD Program Is Secure

InfoSec Institute Resources - 16 December, 2017 - 02:04

BYOD implementation has become the new standard within enterprise organizations, and there’s no sign of things slowing down. According to Cisco, 69% of IT decision makers view BYOD as a positive add-on to any workplace policy as it saves employees’ time. Also, BYOD increases productivity by enabling workers to use devices they are familiar with, […]

The post Top 10 Ways to Make Sure Your BYOD Program Is Secure appeared first on InfoSec Resources.

Top 10 Ways to Make Sure Your BYOD Program Is Secure was first posted on December 15, 2017 at 7:04 pm.
Category: Hacking & Security

FCC Just Killed Net Neutrality—What Does This Mean? What Next?

The Hacker News - 15 December, 2017 - 20:58
Net neutrality is DEAD—3 out of 5 federal regulators voted Thursday to hand control of the future of the Internet to cable and telecommunication companies, giving them powers to speed up service for websites they favor or slow down others. As proposed this summer, the US Federal Communications Commission (FCC) has rolled back Net Neutrality rules that require Internet Service Providers (ISPs
Category: Hacking & Security

Triton Malware Targets Industrial Control Systems in Middle East

Threatpost - 15 December, 2017 - 19:30
Malware intended for a “high-impact” attack against safety systems likely would have caused physical damage to a targeted company located in the Middle East.
Category: Hacking & Security

Simple research tool detects 19 unknown data breaches

Sophos Naked Security - 15 December, 2017 - 18:51
A security insight so simple you wonder why nobody has noticed it before.

How MP Nadine Dorries could have shared her passwords securely

Sophos Naked Security - 15 December, 2017 - 17:33
Remember, it isn't a secret if you tell somebody else.

TLS protocol vulnerability

CSIRT.cz - 15 December, 2017 - 14:11
Category: Hacking & Security

IoT Radio Communication Attack – Part Three

InfoSec Institute Resources - 15 December, 2017 - 14:00

This is the 3rd part in the series named “IoT – Radio Communication Attack.” I hope you have read the first and second parts; if not, please go through them. I hope you have installed GNU Radio Companion (henceforth GRC) software on your laptop. Also, if you wish you can use Pentoo OS as discussed […]

The post IoT Radio Communication Attack – Part Three appeared first on InfoSec Resources.

IoT Radio Communication Attack – Part Three was first posted on December 15, 2017 at 7:00 am.
Category: Hacking & Security

Phishing Attacks Targeting Young Adults

InfoSec Institute Resources - 15 December, 2017 - 14:00

Everyone is susceptible to phishing, a social engineering technique that takes a variety of shapes and forms to target Internet users and extort valuable information from them. While much is known about phishing, less is understood about its association with demographic variables (e.g., age and gender). Some studies, however, have targeted the demographics of phishing […]

The post Phishing Attacks Targeting Young Adults appeared first on InfoSec Resources.

Phishing Attacks Targeting Young Adults was first posted on December 15, 2017 at 7:00 am.
Category: Hacking & Security

Tips for Drafting Efficient Employee Information Security Policies

InfoSec Institute Resources - 15 December, 2017 - 14:00

1. Introduction Employee information security policies impose obligations on employees of organizations which aim to reduce the risks of cyber-attacks. Such policies usually contain instructions on how to choose strong passwords, apply patches and updates, detect phishing schemes, protect sensitive information, and respond to information security incidents. There is an abundance of online materials about […]

The post Tips for Drafting Efficient Employee Information Security Policies appeared first on InfoSec Resources.

Tips for Drafting Efficient Employee Information Security Policies was first posted on December 15, 2017 at 7:00 am.
Category: Hacking & Security

FCC repeals net neutrality

Sophos Naked Security - 15 December, 2017 - 12:37
What will this mean for the future of the internet?

To avoid phishing hooks don’t swim with the shoal

Sophos Naked Security - 15 December, 2017 - 12:12
A study found that national culture is the strongest predictor of an individual's ability to spot deceitful emails.

Apple wants to patent a Blockchain-based system. Will companies start having their own cryptocurrencies?

Zive.cz - security - 15 December, 2017 - 11:30
** Blockchain technology is the foundation of most cryptocurrencies, including Bitcoin ** Apple has patented a system using Blockchain ** Apple plans to use the system for multi-step verification of information
Category: Hacking & Security

We need to talk about mathematical backdoors in encryption algorithms

LinuxSecurity.com - 15 December, 2017 - 11:01
LinuxSecurity.com: Security researchers regularly set out to find implementation problems in cryptographic algorithms, but comparatively little effort is being put into looking for mathematical backdoors, two cryptography professors argue.
Category: Hacking & Security

BlueBorne Attack Highlights Flaws in Linux, IoT Security

LinuxSecurity.com - 15 December, 2017 - 10:58
LinuxSecurity.com: Bluetooth vulnerabilities let attackers control devices running Linux or any OS derived from it, putting much of the Internet of Things at risk, including popular consumer products.
Category: Hacking & Security

Why Hackers Are in Such High Demand, and How They're Affecting Business Culture

LinuxSecurity.com - 15 December, 2017 - 10:44
LinuxSecurity.com: News headlines often focus on the hackers who launch cyber attacks and leak confidential data such as National Security Agency exploits, sensitive political emails, and unreleased HBO programming, but hackers can also affect organizations in positive ways.
Category: Hacking & Security

TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage

The Hacker News - 15 December, 2017 - 09:49
Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems (ICS) with a potential to cause health and life-threatening accidents. Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety Instrumented System (SIS) controllers made by Schneider Electric—an autonomous control system that
Category: Hacking & Security

Additional protections by Safe Browsing for Android users

Google Security Blog - 15 December, 2017 - 06:45
Posted by Paul Stanton and Brooke Heinichen, Safe Browsing Team

Updated on 12/14/17 to further distinguish between Unwanted Software Policy and Google Play Developer Program Policy
In our efforts to protect users and serve developers, the Google Safe Browsing team has expanded enforcement of Google's Unwanted Software Policy to further tamp down on unwanted and harmful mobile behaviors on Android. As part of this expanded enforcement, Google Safe Browsing will show warnings on apps and on websites leading to apps that collect a user’s personal data without their consent.

Apps handling personal user data (such as user phone number or email), or device data will be required to prompt users and to provide their own privacy policy in the app. Additionally, if an app collects and transmits personal data unrelated to the functionality of the app then, prior to collection and transmission, the app must prominently highlight how the user data will be used and have the user provide affirmative consent for such use.

These data collection requirements apply to all functions of the app. For example, during analytics and crash reporting, the list of installed packages unrelated to the app may not be transmitted from the device without prominent disclosure and affirmative consent.

These requirements, under the Unwanted Software Policy, apply to apps in Google Play and non-Play app markets. The Google Play team has also published guidelines for how Play apps should handle user data and provide disclosure.

Starting in 60 days, this expanded enforcement of Google’s Unwanted Software Policy may result in warnings shown on user devices via Google Play Protect or on webpages that lead to these apps. Webmasters whose sites show warnings due to distribution of these apps should refer to the Search Console for guidance on remediation and resolution of the warnings. Developers whose apps show warnings should refer to guidance in the Unwanted Software Help Center. Developers can also request an app review using this article on App verification and appeals, which contains guidance applicable to apps in both Google Play and non-Play app stores. Apps published in Google Play have specific criteria to meet under Google Play’s Developer Program Policies; these criteria are outlined in the Play August 2017 announcement.
Category: Hacking & Security