Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Atlassian Resets HipChat Passwords Following Breach

Threatpost - 25 Duben, 2017 - 21:34
Atlassian reset user passwords for its group chat service HipChat on Monday following an incident that may have resulted in unauthorized access to a server used by the service.
Kategorie: Hacking & Security

Hackeři napadli desítky tisíc počítačů. Zneužili nástroje špiónů

Novinky.cz - bezpečnost - 25 Duben, 2017 - 21:03
Není žádným tajemstvím, že tajné služby disponují sofistikovanými nástroji pro špionáž různých počítačových systémů. A výjimkou není ani americká Národní agentura pro bezpečnost (NSA). Právě špiónského nářadí této agentury se však zmocnili počítačoví piráti. A začali je okamžitě zneužívat.
Kategorie: Hacking & Security

Atlassian's HipChat Hacked — Users' Data May Have Been Compromised

The Hacker News - 25 Duben, 2017 - 21:00
Atlassian's group chat platform HipChat is notifying its users of a data breach after some unknown hacker or group of hackers broke into one of its servers over the weekend and stole a significant amount of data, including group chat logs. What Happened? According to a security notice published on the company's website today, a vulnerability in a "popular third-party" software library used
Kategorie: Hacking & Security

Healthcare CERT warns about ‘Mole’ ransomware – what you need to know

Sophos Naked Security - 25 Duben, 2017 - 19:59
More ransomware: this one changes your file extensions to .MOLE, thus the name.

xDedic Market Spilling Over With School Servers, PCs

Threatpost - 25 Duben, 2017 - 19:45
Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities based in United States.
Kategorie: Hacking & Security

ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs

Threatpost - 25 Duben, 2017 - 18:36
Adobe released an important security hotfix for several versions of Coldfusion, resolving two bugs, Tuesday morning.
Kategorie: Hacking & Security

Zimperium Acquisition Program Publishes Exploits for Patched Android Bugs

Threatpost - 25 Duben, 2017 - 16:30
Exploits for patched Android elevation of privilege vulnerabilities were published through the Zimperium N-Days Exploit Acquisition Program.
Kategorie: Hacking & Security

Russian ‘pioneer’ of identity theft and card fraud jailed for 27 years

Sophos Naked Security - 25 Duben, 2017 - 15:25
Roman Seleznev, the son of a Russian MP, has received the longest ever sentence for hacking to be handed down in the US

Hyundai Patches Leaky Blue Link Mobile App

Threatpost - 25 Duben, 2017 - 15:05
Hyundai Motor America patched its Blue Link mobile app after researchers found a cleartext encryption key that could be use to expose user and vehicle information.
Kategorie: Hacking & Security

Antivirová společnost omylem označila jako malware systémové soubory. Zákazníkům se zhroutily Windows

Zive.cz - bezpečnost - 25 Duben, 2017 - 14:03
Antivirový výrobce Webroot v těchto dnech řeší nepříjemnou kauzu, které jistě ve skrytu duše děsí úplně všichni z oboru. Bezpečnostní program totiž před několika hodinami chybně označil zcela korektní soubory jako malware a zablokoval je. Jedná se tedy o klasický případ false-positive. Kdyby se ...
Kategorie: Hacking & Security

Cloud Computing Security: Be Secure Before Moving to Cloud

InfoSec Institute Resources - 25 Duben, 2017 - 14:00

Introduction This White Paper describes an approach for creating a secure cloud environment which helps Project Teams to deploy their projects easily in the cloud environment while not compromising the security. The document also takes you through the risks and factors involved in the cloud model and how to treat them. This document is cloud-provider […]

The post Cloud Computing Security: Be Secure Before Moving to Cloud appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Top Ten Phishing Scams

InfoSec Institute Resources - 25 Duben, 2017 - 14:00

Image taken from CSO Online Dyre Phishing Scam In October 2014, the Dyre, also known as Dyreza, infected more than 20,000 people via phishing campaigns. Dyreza banking malware was able to steal more than $1 million from targeted organizations successfully. The phishing campaign varied from target to target with regards to attachments, themes, payloads and […]

The post Top Ten Phishing Scams appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Trump’s promise on cybersecurity: what’s been happening?

Sophos Naked Security - 25 Duben, 2017 - 13:07
Work behind the scenes suggests that an executive order on cybersecurity could be signed by the end of the week

Hard Target: Fileless Malware

Threatpost - 25 Duben, 2017 - 13:00
Researchers say fileless in-memory malware attacks have become a major nuisance to businesses and have become even harder to detect and defend.
Kategorie: Hacking & Security

Webroot 'mistakenly' flags Windows as Malware and Facebook as Phishing site

The Hacker News - 25 Duben, 2017 - 12:38
Popular antivirus service Webroot mistakenly flagged core Windows system files as malicious and even started temporarily removing some of the legit files, trashing user computers around the world. The havoc caused after the company released a bad update on April 24, which was pulled after approximately 15 minutes. But that still hasn't stopped some PCs from receiving it, causing serious
Kategorie: Hacking & Security

FIN7 Evolution and the Phishing LNK

LinuxSecurity.com - 25 Duben, 2017 - 12:35
LinuxSecurity.com: FIN7 is a financially-motivated threat group that has been associated with malicious operations dating back to late 2015. FIN7 is referred to by many vendors as "Carbanak Group", although we do not equate all usage of the CARBANAK backdoor with FIN7. FireEye recently observed a FIN7 spear phishing campaign targeting personnel involved with United States Securities and Exchange Commission (SEC) filings at various organizations.
Kategorie: Hacking & Security

Phishing with Unicode Domains

LinuxSecurity.com - 25 Duben, 2017 - 12:31
LinuxSecurity.com: Before I explain the details of the vulnerability, you should take a look at the proof-of-concept. Punycode makes it possible to register domains with foreign characters. It works by converting individual domain label to an alternative format using only ASCII characters. For example, the domain "xn--s7y.co" is equivalent to "短.co".
Kategorie: Hacking & Security
Syndikovat obsah