Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Ransomware, Cyberespionage Dominate Verizon DBIR

Threatpost - 28 Duben, 2017 - 00:19
Verizon's Data Breach Investigations Report for 2017 shows big growth in the reported number of ransomware attacks and incidents involving cyberespionage.
Kategorie: Hacking & Security

Lawsuit: Fox News group hacked, surveilled, and stalked ex-host Andrea Tantaros

Ars Technica - 28 Duben, 2017 - 00:05

Andrea Tantaros claims that she was stalked and harassed by multiple Twitter accounts that were coordinated by Fox News executives after she filed a sexual harassment suit. Her new lawsuit also claims that Fox had her computer hacked for spying purposes. (credit: Twitter)

Comparing their actions to the plot this season on the Showtime series Homeland, an attorney for former Fox News host Andrea Tantaros has filed a complaint in federal court against Fox News, current and former Fox executives, Peter Snyder and his financial firm Disruptor Inc., and 50 "John Doe" defendants. The suit alleges that collective participated in a hacking and surveillance campaign against her.

Tantaros filed a sexual harassment suit against Roger Ailes and Fox News in August of 2016, after filing internal complaints with the company about harassment dating back to February of 2015. She was fired by the network in April of 2016, as Tantaros continued to press complaints against Fox News' then-Chairman and CEO Roger Ailes, Bill O'Reilly, and others. Tantaros had informed Fox that she would be filing a lawsuit over the alleged sexual harassment.

Tantaros claims that as early as February of 2015, a group run out of a "black room" at Fox News engaged in surveillance and electronic harassment of her, including the use of "sock puppet" social media accounts to electronically stalk her. According to the lawsuit:

Read 7 remaining paragraphs | Comments

Kategorie: Hacking & Security

Lack of Communication Achilles’ Heel for Ransomware Fighters

Threatpost - 27 Duben, 2017 - 23:12
A member of law enforcement acknowledged at SOURCE Boston that the lack of communication around ransomware remains a serious problem.
Kategorie: Hacking & Security

Russian-controlled telecom hijacks financial services’ Internet traffic

Ars Technica - 27 Duben, 2017 - 22:20

Enlarge / A map that visualizes network changes being announced by Rostelecom. (credit: BGPmon)

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications.

Anomalies in the border gateway protocol—which routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks—are common and usually the result of human error. While it's possible Wednesday's five- to seven-minute hijack of 36 large network blocks may also have been inadvertent, the high concentration of technology and financial services companies affected made the incident "curious" to engineers at network monitoring service BGPmon. What's more, the way some of the affected networks were redirected indicated their underlying prefixes had been manually inserted into BGP tables, most likely by someone at Rostelecom, the Russian government-controlled telecom that improperly announced ownership of the blocks.

"Quite suspicious"

"I would classify this as quite suspicious," Doug Madory, director of Internet analysis at network management firm Dyn, told Ars. "Typically accidental leaks appear more voluminous and indiscriminate. This would appear to be targeted to financial institutions. A typical cause of these errors [is] in some sort of internal traffic engineering, but it would seem strange that someone would limit their traffic engineering to mostly financial networks."

Read 8 remaining paragraphs | Comments

Kategorie: Hacking & Security

Chrome to Mark More HTTP Pages ‘Not Secure’

Threatpost - 27 Duben, 2017 - 20:27
Starting with Chrome 62, Google will start marking any HTTP page where users may enter data, and any HTTP page visited in incognito mode
Kategorie: Hacking & Security

Save the Internet: FCC Unveils Plan to Rollback Net-Neutrality Rules

The Hacker News - 27 Duben, 2017 - 19:30
After crushing a set of privacy rules on ISPs that restrict them from sharing your online data with third parties without your consent, President Donald Trump's newly appointed FCC chairman Ajit Pai has announced the first move in its efforts to kill off Net Neutrality. The US Federal Communications Commission (FCC) has announced that it will roll back net neutrality rules that require
Kategorie: Hacking & Security

Next Steps Toward More Connection Security

Google Security Blog - 27 Duben, 2017 - 19:17
Posted by Emily Schechter, Chrome Security Team

In January, we began our quest to improve how Chrome communicates the connection security of HTTP pages. Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.

Treatment of HTTP pages in Chrome 62
Our plan
to label HTTP sites as non-secure is taking place in gradual steps, based on increasingly broad criteria. Since the change in Chrome 56, there has been a 23% reduction in the fraction of navigations to HTTP pages with password or credit card forms on desktop, and we’re ready to take the next steps.

Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not secure” warning when users type data into HTTP sites.

Treatment of HTTP pages with user-entered data in Chrome 62

When users browse Chrome with Incognito mode, they likely have increased expectations of privacy. However, HTTP browsing is not private to others on the network, so in version 62 Chrome will also warn users when visiting an HTTP page in Incognito mode.

Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode. We will publish updates as we approach future releases, but don’t wait to get started moving to HTTPS! HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. Check out our set-up guides to get started.
Kategorie: Hacking & Security

Discovery of 8,800 servers sends warning to Asian cybercriminals

Sophos Naked Security - 27 Duben, 2017 - 18:47
Move shows the importance of international co-operation to take down cybercrime at its roots

Banks confident of their approach to security – but still get hit by hackers

Sophos Naked Security - 27 Duben, 2017 - 18:37
How well does your bank look after your details? The financial institutions are pretty confident they're doing a good job

The Time Has Arrived to Embrace Hackers

Threatpost - 27 Duben, 2017 - 17:47
Source Boston keynoter Keren Elazari sounded a call to action for industry to extend an acceptance of hackers.
Kategorie: Hacking & Security

This Phishing Attack is Almost Impossible to Detect On Chrome, Firefox and Opera

The Hacker News - 27 Duben, 2017 - 17:38
A Chinese infosec researcher has reported about an "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet. He warned, hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial
Kategorie: Hacking & Security

Americký Senát rozdal zaměstnancům nové čipové karty. Jenže se zapomnělo na ty čipy

Zive.cz - bezpečnost - 27 Duben, 2017 - 17:19
Nejen Amerika řeší stále větší důraz na kybernetickou bezpečnost. Je to však právě tamní Senát, který se v těchto dnech dostal do hledáčku technologických médií z poněkud bizarního důvodu. Americké úřady v posledních letech masivně přecházely na dvoufaktorovou identifikaci, kterou známe z mnoha ...
Kategorie: Hacking & Security

Attack Method Highlights Weaknesses in Microsoft CFG

Threatpost - 27 Duben, 2017 - 16:02
As Microsoft hardens its defenses with tools such as Control Flow Guard, researchers at Endgame are preparing for the reality of Counterfeit Object-Oriented Programming attacks to move from theoretical to real.
Kategorie: Hacking & Security

Hack'em If You Can — U.S. Air Force launches Bug Bounty Program

The Hacker News - 27 Duben, 2017 - 15:49
With the growing number of data breaches and cyber attacks, a significant number of companies and organizations have started Bug Bounty programs for encouraging hackers and bug hunters to find and responsibly report vulnerabilities in their services and get rewarded. Now, following the success of the "Hack the Pentagon" and "Hack the Army" initiatives, the United States Department of Defense
Kategorie: Hacking & Security

Samsung Smart TV flaw leaves devices open to hackers

Sophos Naked Security - 27 Duben, 2017 - 14:10
Researchers warn that the TV's lack of authentication means that a hacker could use it to access your Wi-Fi network

Murder victim’s Fitbit contradicts husband’s version of events

Sophos Naked Security - 27 Duben, 2017 - 12:57
Police gathered evidence from Fitbit, home alarm, Facebook, phone and credit cards to piece together timeline of events leading up to woman's death

GrSecurity Kernel Patches Will No Longer Be Free To The Public

LinuxSecurity.com - 27 Duben, 2017 - 12:19
LinuxSecurity.com: The GrSecurity initiative that hosts various out-of-tree patches to the mainline Linux kernel in order to enhance the security will no longer be available to non-paying users.
Kategorie: Hacking & Security

Meet the Nu-Nerds These College-Age Hackers Will Soon Shape Our Future

LinuxSecurity.com - 27 Duben, 2017 - 12:17
LinuxSecurity.com: Google the words "David Dworken" and you'll find a picture of a teenager in an oversize gray suit shaking hands with former secretary of defense Ash Carter, along with a headline that reads: "Meet David Dworken, the Teenager Who Hacked the Pentagon." Which is pure clickbait. Last spring, the Pentagon sponsored a "bug bounty," inviting computer security enthusiasts to dig into Defense.gov, DoDLive, and a few of its other public-facing websites.
Kategorie: Hacking & Security

Open Internet Advocates Vow to Fight Trump FCC's Plan to Kill Net Neutrality

LinuxSecurity.com - 27 Duben, 2017 - 12:14
LinuxSecurity.com: Ten years of fighting for internet freedom, potentially out the window because Donald Trump was elected president and chose as his top telecom regulator a former Verizon lawyer who's hell-bent on killing federal rules safeguarding net neutrality, the internet's open access principle.
Kategorie: Hacking & Security
Syndikovat obsah