Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Multiple security holes discovered in Linksys routers

Sophos Naked Security - 21 Duben, 2017 - 19:55
As with every router vulnerability, a key issue is, “How many owners will hear about the issue and bother to update?”

Researchers claim China trying to hack South Korea missile defense efforts

Ars Technica - 21 Duben, 2017 - 17:33

Enlarge / South Korea is deploying Lockheed Martin's THAAD missile defense system, and that's sparked the ire of the Chinese government, as well as military and "hacktivist" hacking groups, according to FireEye. (credit: US Army)

Chinese government officials have been very vocal in their opposition to the deployment of the Terminal High-Altitude Air Defense (THAAD) system in South Korea, raising concerns that the anti-ballistic missile system's sensitive radar sensors could be used for espionage. And according to researchers at the information security firm FireEye, Chinese hackers have transformed objection to action by targeting South Korean military, government, and defense industry networks with an increasing number of cyberattacks. Those attacks included a denial of service attack against the website of South Korea's Ministry of Foreign Affairs, which the South Korean government says originated from China.

FireEye's director of cyber-espionage analysis John Hultquist told the Wall Street Journal that FireEye had detected a surge in attacks against South Korean targets from China since February, when South Korea announced it would deploy THAAD in response to North Korean missile tests. The espionage attempts have focused on organizations associated with the THAAD deployment. They have included "spear-phishing" e-mails carrying attachments loaded with malware along with "watering hole" attacks that put exploit code to download malware onto websites frequented by military, government, and defense industry officials.

FireEye claims to have found evidence that the attacks were staged by two groups connected to the Chinese military. One, dubbed Tonto Team by FireEye, operates from the same region of China as previous North Korean hacking operations. The other is known among threat researchers as APT10, or "Stone Panda"—the same group believed to be behind recent espionage efforts against US companies lobbying the Trump administration on global trade. These groups have also been joined in attacks by two "patriotic hacking" groups not directly tied to the Chinese government, Hultquist told the Journal—including one calling itself "Denounce Lotte Group" targeting the South Korean conglomerate Lotte. Lotte made the THAAD deployment possible through a land swap with the South Korean government.

Read on Ars Technica | Comments

Kategorie: Hacking & Security

Threatpost News Wrap, April 21, 2017

Threatpost - 21 Duben, 2017 - 17:20
Last Friday's ShadowBrokers dump, Microsoft ditching passwords, and a new car dongle hack are all discussed.
Kategorie: Hacking & Security

Vendor, Consultant and Contractor Security

InfoSec Institute Resources - 21 Duben, 2017 - 16:57

Getting a company to embrace information security on a corporate level requires luck, as you will need to engage upper management and gain their support. With these you will at least be dealing with people bound to follow the same set of rules and corporate policies. Ensuring vendor, consultant and contractor security requires another level […]

The post Vendor, Consultant and Contractor Security appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Google Pleads for Better Cross-Border Exchange of Digital Evidence

Threatpost - 21 Duben, 2017 - 16:30
Google asked for MLAT reform, and released its biannual Transparency Report revealing it received a record number of government requests for user data.
Kategorie: Hacking & Security

UK government reports on business breaches and it’s not pretty

Sophos Naked Security - 21 Duben, 2017 - 15:40
Almost half have experienced a cyber attack while a third do not have anyone at board level tasked with cyber security.

Mirai and Hajime Locked Into IoT Botnet Battle

Threatpost - 21 Duben, 2017 - 15:26
A white hat hacker is believed responsible for the Hajime IoT botnet because its main objective appears to be to secure IoT devices vulnerable to the notorious Mirai malware.
Kategorie: Hacking & Security

Microsoft: velký update pro Windows vydáme každý březen a září

Zive.cz - bezpečnost - 21 Duben, 2017 - 14:03
Pravidelné velké updaty systému slíbil Microsoft dlouho před příchodem samotných Windows 10, nicméně v posledním blogpostu upřesňuje přesný plán. Podle něj budou velké aktualizace uživatelům doručovány dvakrát ročně vždy ve stejné měsíce. Zatámco Anniversary Update dorazil minulý rok v srpnu a ...
Kategorie: Hacking & Security

Domain Fronting

InfoSec Institute Resources - 21 Duben, 2017 - 14:00

In this article, we are going to learn about a very interesting and powerful technique known as Domain Fronting which is a circumvention technique based on HTTPS that hides the true destination from the censor. What is Domain Fronting? Domain fronting is a technique to circumvent the censorship employed for certain domains(censorship may be for […]

The post Domain Fronting appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Top 10 Open-Source Security Tools Released by Tech Giants

InfoSec Institute Resources - 21 Duben, 2017 - 14:00

We have always wondered how tech giants have been able to keep their security so tight? Do they use the same tools that are available for the rest of us? Alternatively, they have allocated a small portion of their massive resources dedicated to coming up with something different? Finally, we have our answers. Many tech […]

The post Top 10 Open-Source Security Tools Released by Tech Giants appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Navy and Marines crack down on nude photo sharing

Sophos Naked Security - 21 Duben, 2017 - 12:23
The crackdown on nonconsensual nudes follows the discovery of the private Facebook group "Marines United"

MasterCard launches Credit Card with Built-In Fingerprint Scanner

The Hacker News - 21 Duben, 2017 - 11:50
MasterCard has unveiled its brand new payment card that has a built-in biometric fingerprint scanner, allowing customers to authorize payments with their fingerprint, without requiring a PIN code or a signature. The company is already testing the new biometric payment cards, combined with the on-board chips, in South Africa and says it hopes to roll out the new cards to the rest of the world
Kategorie: Hacking & Security

Man sues Confide: I wouldn’t have spent $7/month if I’d known it was flawed

Ars Technica - 21 Duben, 2017 - 11:00

Enlarge (credit: Confide)

A man in Michigan has sued Confide, a secure messaging app that is reportedly used by Republicans in the Trump White House, over allegations that the app isn’t nearly as secure when run on a desktop computer, as opposed to a mobile device.

While the app does prevent screenshots on mobile devices, the new lawsuit, which was filed in federal court in New York on Thursday, notes that the app fails to block screenshots on Windows. Similarly, the mac OS and Windows versions both allow for entire messages to be read all at once rather than line-by-line, as the mobile app does. The two desktop platforms also lack a key feature—notification of a screenshot.

"By failing to offer the protections it advertised, Confide not only fails to maintain the confidentiality of messages sent or received by desktop App users, but its entire user base," lawyers for the plaintiff, Jeremy Auman, wrote in their civil complaint.

Read 9 remaining paragraphs | Comments

Kategorie: Hacking & Security

Konec PIN? MasterCard testuje kartu s vestavěnou čtečkou otisků prstů

Zive.cz - bezpečnost - 21 Duben, 2017 - 07:29
Vzestup mobilních platebních metod zapříčil, že používání otisků prstů k ověření identity při placení se stalo běžným. MasterCard proto napadlo, že by se technologie mohla vložit na platební kartu a přesně to udělal. Nová karta se vůbec nijak neliší od klasické, ani není tlustší, jen obsahuje ...
Kategorie: Hacking & Security

Chrome, Firefox, and Opera users beware: This isn’t the apple.com you want

Ars Technica - 20 Duben, 2017 - 20:34

Enlarge / This is how a Chrome 57 displays https://www.xn--80ak6aa92e.com/. Note the https://www.apple.com in the address bar.

If you're using Chrome, Firefox, or Opera to view websites, you should be aware of a weakness that can trick even savvy people into trusting malicious impostor sites that want you to download software or enter your password or credit card data.

The weakness involves the way these browsers display certain characters in the address bar. Until Google released version 58 in the past 24 hours, for instance, Chrome displayed https://www.xn--80ak6aa92e.com/ as https://www.apple.com. The latest versions of Firefox and Opera by default continue to present the same misleading address. As the screenshot above demonstrates, the corresponding website has nothing to do with Apple. Had a malicious attacker registered the underlying xn--80ak6aa92e.com domain, she could have used it to push backdoored software or to trick visitors into divulging passwords or other sensitive information.

Xudong Zheng, a Web application developer who developed the apple.com look-alike site to demonstrate the threat, explained here how the attack works.

Read 4 remaining paragraphs | Comments

Kategorie: Hacking & Security

Google Fixes Unicode Phishing Vulnerability in Chrome 58, Firefox Standing Pat

Threatpost - 20 Duben, 2017 - 20:32
Google fixed a vulnerability that could've let an attacker carry out phishing attacks with Unicode domains in Chrome but Mozilla is holding off - for now.
Kategorie: Hacking & Security

News in brief: Google ‘plans native adblocker’; Facebook seeks fake news lead; near miss for Earth

Sophos Naked Security - 20 Duben, 2017 - 18:48
Your daily round-up of some of the other stories in the news

20 Linksys Router Models Vulnerable To Attack

Threatpost - 20 Duben, 2017 - 18:38
Researchers say more than 100,000 Linksys routers in use today could be vulnerable to 10 flaws found in 20 separate router models made by the company.
Kategorie: Hacking & Security

Beware! Dozens of Linksys Wi-Fi Router Models Vulnerable to Multiple Flaws

The Hacker News - 20 Duben, 2017 - 18:21
Bad news for consumers with Linksys routers: Cybersecurity researchers have disclosed the existence of nearly a dozen of unpatched security flaws in Linksys routers, affecting 25 different Linksys Smart Wi-Fi Routers models widely used today. IOActive's senior security consultant Tao Sauvage and independent security researcher Antide Petit published a blog post on Wednesday, revealing that
Kategorie: Hacking & Security

Stuxnet LNK Exploits Still Widely Circulated

Threatpost - 20 Duben, 2017 - 18:15
Endpoints are still encountering exploits for the LNK vulnerability, one of the principal infection mechanisms used by the Stuxnet worm.
Kategorie: Hacking & Security
Syndikovat obsah