Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

What tricks cybercriminals try before Christmas

Novinky.cz - security - 22 November, 2017 - 10:09
Christmas is the most important time of the year for cybercriminals. Just before the holidays, caution often goes out the window and people fall for all sorts of phishing scams that they would notice under other circumstances.
Category: Hacking & Security

Hackers stole the data of 57 million Uber customers and drivers

Novinky.cz - security - 22 November, 2017 - 07:09
Last October, hackers stole the data of 50 million customers and seven million drivers from the alternative taxi service Uber. Uber chief Dara Khosrowshahi announced this on Tuesday local time (overnight into Wednesday CEST), saying that he had learned of it only recently. The company kept the incident secret for a year and paid the hackers 100,000 dollars (about 2.2 million crowns) to delete the data and keep quiet about the attack, the Bloomberg agency wrote.
Category: Hacking & Security

Uber Reveals 2016 Breach of 57 Million User Accounts

Threatpost - 22 November, 2017 - 06:40
Uber CEO said a 2016 data breach that exposed 57 million Uber user accounts and a subsequent payment of $100,000 to a hacker to delete data and keep it a secret is inexcusable.
Category: Hacking & Security

Uber suffered massive data breach, then paid hackers to keep quiet

Sophos Naked Security - 22 November, 2017 - 01:35
Uber suffered a data breach in 2016, but didn't tell anyone - instead, it seems the company paid the hackers to help to hush it up.

Security+: Risk Mitigation Strategies

InfoSec Institute Resources - 22 November, 2017 - 00:49

Introduction: Once a thorough risk analysis has been performed, various solutions can be implemented, including avoidance, transference, acceptance, mitigation, and deterrence. The following sections describe the various risk-mitigation strategies, such as change management, incident response, user rights and permission reviews, routine audits, policy and procedure enforcement to prevent data loss and theft, and enforcement of […]

Security+: Risk Mitigation Strategies was first posted on November 21, 2017 at 5:49 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

Security+: Understanding Security Risk Concepts

InfoSec Institute Resources - 22 November, 2017 - 00:41

Introduction: Risk can be defined as “the possibility that something (such as virus or malware attack) could disclose, destroy, or damage data or other resources in the organization.” The purpose of security is to prevent risks and to ensure authorized access. By using risk management and information security strategies, security professionals identify some factors that […]

Security+: Understanding Security Risk Concepts was first posted on November 21, 2017 at 5:41 pm.
Category: Hacking & Security

Intel Patches CPU Bugs Impacting Millions of PCs, Servers

Threatpost - 21 November, 2017 - 21:03
Intel released eight patches for vulnerabilities in remote management software and firmware that could allow local adversaries to elevate privileges, run arbitrary code, crash systems and eavesdrop on communications.
Category: Hacking & Security

Many websites track exactly what you do. They know every mouse movement and keystroke

Zive.cz - security - 21 November, 2017 - 19:00
** The EU forces websites to display annoying cookie banners ** Yet times have moved on somewhat ** Today's analytics can work wonders without the poor surfer having any idea
Category: Hacking & Security

US Senate takes aim at “warrantless surveillance”

Sophos Naked Security - 21 November, 2017 - 18:00
The proposal would put curbs on Section 702, but will it pass?

Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable

The Hacker News - 21 November, 2017 - 17:12
In the past few months, several research groups have uncovered vulnerabilities in the Intel remote administration feature known as the Management Engine (ME) which could allow remote attackers to gain full control of a targeted computer. Now, Intel has admitted that these security vulnerabilities could "potentially place impacted platforms at risk." The popular chipmaker released a security
Category: Hacking & Security

GitHub starts scanning millions of projects for insecure components

Sophos Naked Security - 21 November, 2017 - 16:43
The code repository will warn you about insecure dependencies

Zico2: 1 – Walkthrough

InfoSec Institute Resources - 21 November, 2017 - 16:00

Zico2 is a machine that came on VulnHub. Created by Rafael, it surfaced on June 19th, 2017. It can be downloaded from https://www.vulnhub.com/entry/zico2-1,210/ The objective is to get root privileges and get the flag. For a change, I would be using https://root-me.org to run the target machine. I tried to run the machine locally using […]

Zico2: 1 – Walkthrough was first posted on November 21, 2017 at 9:00 am.
Category: Hacking & Security

Google Collects Android Location Data Even When Location Service Is Disabled

The Hacker News - 21 November, 2017 - 15:40
Do you own an Android smartphone? If yes, then you are one of those billions of users whose smartphone is secretly gathering location data and sending it back to Google. Google has been caught collecting location data on every Android device owner since the beginning of this year (that's for the past 11 months)—even when location services are entirely disabled, according to an investigation
Category: Hacking & Security

Cybercriminals stole virtual coins worth more than 675 million crowns

Novinky.cz - security - 21 November, 2017 - 15:39
Cybercriminals made off with more than 675 million crowns by stealing tether virtual coins, which compete with bitcoin. The piquant detail is that the cybercriminals stole them directly from Tether Treasury, the company in charge of managing the tether currency and issuing new coins.
Category: Hacking & Security

What You Need to Know About the New CISSP CAT Exam

InfoSec Institute Resources - 21 November, 2017 - 15:03

Big changes are coming to the CISSP exam! Starting December 18, 2017, (ISC)2 will transition the fixed-form, linear-based CISSP English exam to a Computerized Adaptive Testing (CAT) format. The linear CISSP English exam format will be discontinued after December 17. According to (ISC)2, the CISSP CAT exam offers a more precise and efficient evaluation of […]

What You Need to Know About the New CISSP CAT Exam was first posted on November 21, 2017 at 8:03 am.
Category: Hacking & Security

Germany bans sale, distribution and possession of kids’ smartwatches

Sophos Naked Security - 21 November, 2017 - 14:51
The regulator is telling parents it's up to them to destroy the things

Ex-Facebook privacy manager dishes the dirt on your data

Sophos Naked Security - 21 November, 2017 - 14:42
"Lawmakers shouldn’t allow Facebook to regulate itself. Because it won’t."

Pentester Academy Command Injection ISO: Basilic 1.5.14 exploitation

InfoSec Institute Resources - 21 November, 2017 - 14:00

Pentester Academy has launched a Command Injection ISO virtual image of Ubuntu. This image has 10 real-world applications that have a vulnerable application framework. Remote code execution is possible by exploiting each of the installed applications. Not all of the applications are necessarily running on port 80. Refer to the following link for download and information: https://www.vulnhub.com/entry/command-injection-iso-1,81/ […]

Pentester Academy Command Injection ISO: Basilic 1.5.14 exploitation was first posted on November 21, 2017 at 7:00 am.
Category: Hacking & Security

Tether Hacked — Attacker Steals $31 Million of Digital Tokens

The Hacker News - 21 November, 2017 - 12:10
Again some bad news for cryptocurrency users. Tether, a Santa Monica-based start-up that provides dollar-backed cryptocurrency tokens, has claimed that its systems have been hacked by an external attacker, who eventually stole around $31 million worth of its tokens. With a market capitalization of $673 million, Tether is the world's first blockchain-enabled platform to allow the
Category: Hacking & Security

Threat Predictions for Connected Life in 2018

Kaspersky Securelist - 21 November, 2017 - 11:00

 Download the Kaspersky Security Bulletin: Threat Predictions for Connected Life in 2018

Introduction: To be awake is to be online

The average home now has around three connected computers and four smart mobile devices. Hardly surprising, considering that 86 per cent of us check the Internet several times a day or more, and that’s outside of work. Chatting, shopping, banking, playing games, listening to music, booking travel and managing our increasingly connected homes. The risk of cyberattack can be the furthest thing from our mind.

Every year, Kaspersky Lab’s experts look at the main cyberthreats facing connected businesses over the coming 12 months, based on the trends seen during the year. For 2018, we decided to extract some top predictions that also have big implications for everyday connected life.

So what could the hackers be after in 2018?

  • Security gaps in your connected car. Earlier this year, researchers showed how a hack could shut down all safety features in a car, including airbags. Such attacks will become easier as connected cars contain more and more components that could be accessed digitally. For example: mobile phones can be paired with a vehicle’s head unit via Bluetooth; and Bluetooth was recently found to have more than 8 serious software vulnerabilities. A hacker only has to use one and they will have access to car systems to conduct further attacks. Some cars have cellular or Wi-Fi connectivity and almost any modern car has a USB port – all of these can be used to deliver infected code to the car’s systems.

    The data exchange between the internal systems of a car has been proven to be vulnerable to external interference, both by external researchers and by Kaspersky Lab’s own findings. Given that the car industry plans its development and production cycles years ahead, it is unlikely that all reported issues will be fixed in new connected cars coming on the market in 2018. Most of these cars were designed before cybersecurity became an issue for the automotive industry. That said, we expect that cars coming off the production line after that will have the most critical cybersecurity features implemented and will therefore be safer.

  • Vulnerable car apps. Most leading car manufacturers now offer apps to make life easier for drivers – they can locate, lock/unlock your car, check tire pressure, request assistance, schedule maintenance and more. Researchers have already shown how many such apps can be hacked to partly take over a car. 2018 could see the first appearance of an infected app that can manage a car or spy on its owner by tracking their location, or collecting authentication data. This data could then be sold on the underground market. Kaspersky Lab researchers have seen signs that authentication data to access connected car apps is already in demand on underground markets. As the number of connected cars increases, this trend will become a bigger problem.
  • Security gaps in wearable medical devices/implants, for data theft or sabotage. In 2018, there will be an estimated 19 million connected medical wearables, such as insulin pumps, pacemakers, monitors etc. in use, up from 12.8 million today. Companies are already issuing warnings about security gaps, knowing that, in an extreme case, hackers could tamper with devices, set them to administer a fatal dose or to otherwise malfunction. This threat will rise in 2018 and probably keep on rising.
  • Still everywhere. The global pandemic that is ransomware shows no signs of abating. Our data shows that just under a million of our users were attacked with ransomware in 2017, only slightly less than in 2016 – but the actual number of those attacked in 2017 will be much higher. For example, the WannaCry ransomware victim count may exceed 700,000. With malware and distribution tools freely available on the web, attackers have discovered that locking or encrypting people’s data and devices – and those belonging to big companies, hospitals and smart city networks – is an easy and effective way of making money. In 2018 expect more of the same.
  • Malware, ditto – particularly that targeting Android mobile devices. We live in an increasingly mobile-driven world and hackers have upped their game. In 2017, we saw Android malware poisoning hotel booking, taxi service and ride-sharing apps, targeting mobile payments (SMS- and WAP billing), and using new techniques to bypass OS security. In 2018 we expect to see even more innovation.
  • Getting you to mine for cryptocurrency coins or stealing your coins. Cryptocurrencies are becoming more popular, so experts predict hackers will tap into people wanting to get a share of the action. In 2018, this could see more people going over to mining cryptocurrencies on their work computers. We’ll certainly see more attacks designed to steal crypto coins from users, or install hidden mining tools on machines, particularly mobiles. Kaspersky Lab research shows that the number of people hit by such attacks has already exceeded two million in 2017. On the other hand, if handled properly and with the user’s consent, some forms of cryptocurrency mining may become a legal way of monetization for websites and/or apps.
  • Taking control of your connected stuff to create big botnets. Your home routers, connected webcams and smart thermostats are all great, but they’re likely full of software bugs and if you don’t set a proper password, hackers can pull them into a huge zombie botnet. The infamous ‘Mirai’ botnet that nearly broke the Internet in 2016 was largely made up of CCTV cameras and connected printers – and in 2017 researchers found attackers improving Mirai’s tools. Proven as reliable and effective denial-of-service tools, new botnets built out of insecure devices may emerge in 2018.
  • Taking control of the world’s connected stuff for large scale disruption. Speaking of smart city technology such as CCTV cameras, what would happen if there was an attack on a city’s light control systems, causing not just blackouts but stroboscopic effects? Over the next year, smart city technologies such as traffic control, lighting, speed cameras, public transport and power supplies, as well as air traffic control infrastructure and more, will be a growing target for hackers. It’s estimated that by 2020 there will be 9.6 billion connected things used in smart cities around the world. Many of them just as buggy and vulnerable as your home router. Disruption to and disabling of these vast connected systems could do untold damage.

Conclusion: Stay awake when online

So there’s some scary stuff and a few not very nice people out there. That shouldn’t stop you from making the most of what connected devices and systems have to offer over the next year and beyond. Fortunately, there are a lot of simple things that you can do to stay safe. Here are a few examples:

  • Make use of the security features that come with your devices: set a decent password and keep the software updated. Not just phones and computers, but everything that is connected.
  • Be selective when choosing a smart device. Ask yourself: Does this really need an internet connection? If the answer is yes, then take the time to understand the device options before buying. If you discover that it has hard-coded passwords, choose a different model.
  • Consider cryptocurrencies as another way of saving and treat them accordingly. Just like you treat your ‘regular’ money.
  • Only install apps from reputable stores like Google Play, created by reputable developers.
  • Last but not least, consider supplementing the OS/device security with some additional software – particularly to keep your family and finances safe. A free version of Kaspersky Lab’s security software is available here.

For more information and advice on staying safe online please see the Kaspersky Daily blog.
