Kategorie

Vyděračské viry, které jsou často označovány souhrnným názvem ransomware, byly v loňském roce jednou z nejrozšířenějších hrozeb. Podle zprávy bezpečnostní společnosti Emsisoft je dokonce výskyt těchto nezvaných návštěvníků na vzestupu, jak upozornil server TechPowerUp.

Vykutálení podvodníci neustále vymýšlejí nové triky, jak připravit důvěřivce o peníze. Stačí k tomu, abyste prozradili číslo svého mobilu na Facebooku, načež vás kyberzločinci řadou důmyslných fint připraví o peníze. Jeden takový případ Novinky.cz zmapovaly.

OurMine took over the Spanish powerhouse soccer team's Twitter account.

Ring outlined new security and data privacy measures, Tuesday, following backlash of the connected doorbell in the past year.

APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure that could be converted to distribute destructive wiper malware.

Posted by Christiaan Brand, Product Manager, Google Cloud 

Security keys provide the strongest protection against phishing attacks. That’s why they are an important feature of the Advanced Protection Program that provides Google’s strongest account protections for users that consider themselves at a higher risk of targeted, sophisticated attacks on their personal or work Google Accounts.

Last year, we made the Titan Security Key bundle with USB-A/NFC and Bluetooth/USB/NFC keys available in Canada, France, Japan, the UK, and the US. Starting today, USB-C Titan Security Keys are available in those countries, and the bundle and USB-C Titan Security Keys are now available on the Google Store in Austria, Germany, Italy, Spain, and Switzerland.

Titan Security Keys are now available in 10 countries
Security keys use public-key cryptography to verify your identity and URL of the login page so that an attacker can’t access your account even if they have your username or password. Unlike other two-factor authentication (2FA) methods that try to verify your sign-in, security keys support FIDO standards that provide the strongest protection against automated bots, bulk phishing attacks, and targeted phishing attacks.

We highly recommend users at a higher risk of targeted attacks (e.g., political campaign teams, activists, journalists, IT administrators, executives) to get Titan Security Keys and enroll into the Advanced Protection Program (APP). If you’re working in a federal political campaigns team in the US, you can now request free Titan Security Keys via Defending Digital Campaigns and get help enrolling into the APP. Bulk orders are also available for enterprise organizations in select countries.

You can also use Titan Security Keys for any site where FIDO security keys are supported for 2FA, including your personal or work Google Account, 1Password, Bitbucket, Bitfinex, Coinbase, Dropbox, Facebook, GitHub, Salesforce, Stripe, Twitter, and more.

Websites using a vulnerable version of the WordPress plugin, ThemeGrill Demo Importer, are being targeted by attackers.

Introduction Passwords, the long-relied-upon information security measure that helps secure billions of user accounts daily, have become a little long in the tooth. When you consider advances in attack techniques and information security technology, the days of the password are numbered. This raises the question of what to do about user privacy on Windows 10 […]

The post How to use Microsoft Passport in Windows 10 appeared first on Infosec Resources.

How to use Microsoft Passport in Windows 10 was first posted on February 18, 2020 at 10:11 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Visibility into an environment attack surface is the fundamental cornerstone to sound security decision making. However, the standard process of 3rd party threat assessment as practiced today is both time consuming and expensive. Cynet changes the rules of the game with a free threat assessment offering (click here to learn more) based on more than 72 hours of data collection, enabling

Introduction Drivers are an essential group of files that allow a hardware component(s) to communicate with the computer’s operating system (OS). If an attacker successfully exploits a kernel-based driver, the user might as well sign away the OS to the attacker.  This article details driver security in Windows 10, including fundamentals of driver signature enforcement, […]

The post Driver Security in Windows 10 appeared first on Infosec Resources.

Driver Security in Windows 10 was first posted on February 18, 2020 at 9:55 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed "Fox Kitten," the cyber-espionage campaign is said to have been directed at companies from the IT, telecommunication, oil and gas, aviation, government, and security sectors

Ring is continuing its bid to improve privacy and security after facing criticism. As of today, the Amazon brand will start requiring two-factor authentication for all users when they sign into their Ring accounts.

What if I told you that there is an exploitable security risk hiding in plain sight that could result in the compromise of your Linux or Windows machine? What if I told you that the attack vector has been exploited since 2015 and that both vendors and attackers are well aware of it?

Introduction A web server is not just any other device that you employ in your network environment. Unlike other devices sitting behind layers of defenses and firewalls, web servers sit at the rim of your network and are designed to share information about your organization with the outside world, regardless of who they are.  Therefore, […]

The post Web server security: Web server hardening appeared first on Infosec Resources.

Web server security: Web server hardening was first posted on February 18, 2020 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction to injection Injection attacks are considered some of the most dangerous types of vulnerabilities in existence. According to the OWASP Top Ten List of web application vulnerabilities, injection is the most common and dangerous type. On the 2019 CWE Top 25 Most Dangerous Software Errors list, poor input sanitization (which enables injection attacks) took […]

The post What is NoSQL injection? appeared first on Infosec Resources.

What is NoSQL injection? was first posted on February 18, 2020 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

HTTPS web encryption - blessing or curse? A new SophosLabs report looks at how much the crooks love TLS.

Scam threatens to flood sites using Google’s banner-ad program with bot and junk traffic if owners don’t pay $5K in bitcoin.

Ten days after a suspected ransomware attack, residents of the English borough of Redcar and Cleveland must be starting to wonder when their Council’s IT systems will return.

A small but determined group of Twitter users think it is a good idea to direct message (DM) pictures of male genitals to complete strangers.

Popular cryptocurrency IOTA has temporarily shut down its entire network after a hacker stole funds from ten of its highest-value users.