Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

9 Popular Training Courses to Learn Ethical Hacking Online

The Hacker News - 19 Duben, 2018 - 19:01
How to become a Professional Hacker? This is one of the most frequently asked queries we came across on a daily basis. Do you also want to learn real-world hacking techniques but don’t know where to start? This week's THN deal is for you. Today THN Deal Store has announced a new Super-Sized Ethical Hacking Bundle that let you get started your career in hacking and penetration testing
Kategorie: Hacking & Security

Cloud Credentials: New Attack Surface for Old Problem

Threatpost - 19 Duben, 2018 - 18:30
Researchers show why keeping a handle on user credentials is just as hard in the cloud as it is on local networks.
Kategorie: Hacking & Security

Inspeckage: Dynamic Assessment Tool for Android

InfoSec Institute Resources - 19 Duben, 2018 - 17:57

If you are pen-testing Android applications, you will need to monitor/check many things at the same time. While doing dynamic analysis, one must take care of all communication, local storage, logs, and what not. Inspeckage a dynamic Android application analysis tool present under Xposed Framework which makes dynamic analysis very easy. Its various features make […]

The post Inspeckage: Dynamic Assessment Tool for Android appeared first on InfoSec Resources.

Inspeckage: Dynamic Assessment Tool for Android was first posted on April 19, 2018 at 10:57 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Google in hot water over privacy of Android apps for kids

Sophos Naked Security - 19 Duben, 2018 - 15:52
Large numbers of child-centred Android apps may be breaking US law.

Aktualizace CMS Drupal

CSIRT.cz - 19 Duben, 2018 - 15:51
Kategorie: Hacking & Security

NSA reveals how it beats 0-days

Sophos Naked Security - 19 Duben, 2018 - 15:50
Exploits and vulnerabilities are weaponized against us 24 hours after release, says technical director.

Nová verze prohlížeče Chrome

CSIRT.cz - 19 Duben, 2018 - 15:48
Kategorie: Hacking & Security

Chris Vickery Discusses Data Leak of 48 Million Users by Private Intelligence Firm

Threatpost - 19 Duben, 2018 - 15:44
Private intelligence gathering firm LocalBlox leaked data on 48 million users that was scraped from Facebook, LinkedIn, Zillow and other sites.
Kategorie: Hacking & Security

Use of ‘StegWare’ Increases in Stealth Malware Attacks

Threatpost - 19 Duben, 2018 - 15:36
Researchers are warning malware payloads can bypass traditional AV protection when delivered buried inside images, documents or even just a pixel.
Kategorie: Hacking & Security

Employee from hell busted by VPN logs

Sophos Naked Security - 19 Duben, 2018 - 14:48
Before retiring from PenAir airline, Suzette Kugler set herself up with fake, high-privilege VPN user accounts that didn't keep her secrets.

Facebook Plans to Build Its Own Chips For Hardware Devices

The Hacker News - 19 Duben, 2018 - 13:47
A new job opening post on Facebook suggests that the social network is forming a team to build its own hardware chips, joining other tech titans like Google, Apple, and Amazon in becoming more self-reliant. According to the post, Facebook is looking for an expert in ASIC and FPGA—two custom silicon designs to help it evaluate, develop and drive next-generation technologies within Facebook—
Kategorie: Hacking & Security

Webové tržiště společnosti IKEA je po útoku hackerů opět v provozu

Novinky.cz - bezpečnost - 19 Duben, 2018 - 13:18
Ve čtvrtek byl obnoven provoz serveru TaskRabbit, který je v podstatě webovým tržištěm drobných živnostníků, jenž patří nábytkářskému řetězci IKEA. Kvůli útoku hackerů a úniku citlivých dat byl web mimo provoz bezmála dva dny.
Kategorie: Hacking & Security

Silence! Chrome hushes noisy autoplaying videos

Sophos Naked Security - 19 Duben, 2018 - 13:15
With the Chrome 66 comes blissful quiet: Google is muting all autoplay content by default.

IBM introduces open-source library for protecting AI systems

LinuxSecurity.com - 19 Duben, 2018 - 12:54
LinuxSecurity.com: IBM released an open-source software library meant to help developers and researchers to protect AI systems including Deep Neural Networks (DNNs) against adversarial attacks. DNNs are complex machine learning models that has certain similarity with the interconnected neurons in the human brain.
Kategorie: Hacking & Security

'iTunes Wi-Fi Sync' Feature Could Let Attackers Hijack Your iPhone, iPad Remotely

The Hacker News - 19 Duben, 2018 - 12:51
Be careful while plugging your iPhone into a friend's laptop for a quick charge or sharing selected files. Researchers at Symantec have issued a security warning for iPhone and iPad users about a new attack, which they named "TrustJacking," that could allow someone you trust to remotely take persistent control of, and extract data from your Apple device. Apple provides an iTunes Wi-Fi sync
Kategorie: Hacking & Security

Gold Galleon hackers target maritime shipping industry

LinuxSecurity.com - 19 Duben, 2018 - 12:50
LinuxSecurity.com: Researchers have uncovered a Nigerian hacking ring which targets maritime shipping firms in order to try and steal millions of dollars on an annual basis.
Kategorie: Hacking & Security

Tens of thousands per Gram

Kaspersky Securelist - 19 Duben, 2018 - 12:00

Looking at Instagram one morning, I spotted several posts from some fairly well-known people (in certain circles) who had invested in an ICO held by Telegram. Interesting, I thought to myself. I fancy a piece of that. Only I was pretty sure that if Telegram was indeed holding an ICO, it would be a private affair — off limits to cash-strapped social media-based “investors.” That’s when I decided to do some digging.

Let’s start with a brief history lesson. In late 2017, information appeared on specialized resources about a Telegram ICO to finance the launch of its own blockchain platform based on TON (Telegram Open Network) technology. Despite the fact that Pavel Durov did not confirm the ICO rumors, and no information was posted on the company’s official website (and still hasn’t been), the mooted project attracted a huge number of potential investors. According to various (dubious) sources, participation in the ICO is by invitation only, and the first closed round, the so-called presale, has already taken place. Technical documentation and a white paper also appeared online, but their authenticity is not confirmed.

Perhaps the masterminds behind the project deliberately clothed it in mystery to spark interest. In any case, the lack of information bred speculation and provided fertile ground for scammers: the rumors prompted mailshots seemingly from official representatives of the platform, inviting people to take part in the ICO and purchase tokens. And there was a mushrooming of sites supposedly selling Grams (the name of the cryptocurrency that Telegram presumably intends to launch).

When creating fake sites, cybercriminals try to keep to the style of technical documentation and white papers

Meanwhile, Pavel Durov tweeted that all TON-related news would be posted only on the official website, and asked for any “Gram” sales to be reported:

If you see or receive offers to "buy Grams", let us know at https://t.co/ctdTBQCRNc

— Pavel Durov (@durov) 21 января 2018 г.

Despite the announcement, fake sites continued scooping cash from unwitting victims. But to give credit where it’s due, their creators did a superb job. Unlike some phishing fakes, these sites really do lure people in. Not only that, most use a secure connection, require registration, and generate a unique online wallet for each new victim, making it hard to track the movement of money.

Grams can be purchased in a selection of cryptocurrencies

The price of the new cryptocurrency varies greatly from one fake site to the next. And although most of them create unique wallets for victims, I managed to find several that use static wallets. From the transaction history of one of them, we see that the cybercriminals withdrew 85 ETH:

Withdrawal of funds harvested in Ethereum

At the time of writing this article, the Ethereum exchange rate was about $422. This resource alone seems to have collected more than 35 000$(2 million rubles), and there are dozens like it. Judging by their content, it’s possible they have common ownership. For example, several have one and the same Our Team section.

Suspiciously similar Our Team sections

While the presence of the Durov brothers doesn’t raise any question marks, Lucas Pernas-Valles seems to exist only on dozens of other fake sites. He may indeed be a member of Telegram’s new project team, but a brief online check reveals that the person in the photo is not called Lucas Pernas-Valles, although he does have cryptocurrency links.

It should be noted that this ICO project is one of relatively few to have attracted mass attention. And where there’s mass attention, there’s fraud. The lack of reliable information from official sources only serves to aggravate the situation

Cybercriminals Hijack Router DNS to Distribute Android Banking Trojan

The Hacker News - 19 Duben, 2018 - 09:40
Security researchers have been warning about an ongoing malware campaign hijacking Internet routers to distribute Android banking malware that steals users' sensitive information, login credentials and the secret code for two-factor authentication. In order to trick victims into installing the Android malware, dubbed Roaming Mantis, hackers have been hijacking DNS settings on vulnerable and
Kategorie: Hacking & Security

Microsoft vydal doplněk pro Chrome, do prohlížeče Googlu přidá bezpečnostní funkci z Edge

Zive.cz - bezpečnost - 19 Duben, 2018 - 09:25
Nečekaný krok provedl Microsoft, který aktuálně vydal rozšíření pro konkurenční prohlížeč Chrome. A není to ledajaké, jedná se o Windows Defender Browser Protection a má za cíl bojovat s phishingovými a jinými škodlivými stránkami. Rozšíření má za cíl zabránit nakažení počítače či krádeže ...
Kategorie: Hacking & Security
Syndikovat obsah