Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Opponents Vow to Continue the Fight after Trump Reauthorizes Domestic Spying Law

Threatpost - 19 Leden, 2018 - 23:27
There is "a glimmer of light" despite the Senate's move to reauthorize Section 702 of the Foreign Intelligence Surveillance Act, says the ACLU.
Kategorie: Hacking & Security

OnePlus Confirms Credit Card Breach Impacted Up to 40,000 Customers

Threatpost - 19 Leden, 2018 - 21:38
The breach is the latest piece of bad publicity for the popular Chinese handset maker.
Kategorie: Hacking & Security

New Dridex Variant Emerges With An FTP Twist

Threatpost - 19 Leden, 2018 - 19:45
A recently discovered Dridex campaign had a few peculiar characteristics, including the use of FTP instead of HTTP.
Kategorie: Hacking & Security

Malicious Chrome extension is next to impossible to manually remove

Ars Technica - 19 Leden, 2018 - 19:36

(credit: Malwarebytes)

Proving once again that Google Chrome extensions are the Achilles heel of what's arguably the Internet's most secure browser, a researcher has documented a malicious add-on that tricks users into installing it and then, he said, is nearly impossible for most to manually uninstall. It was available for download on Google servers until Wednesday, 19 days after it was privately reported to Google security officials, a researcher said.

Once installed, an app called "Tiempo en colombia en vivo" prevents users from accessing the list of installed Chrome extensions by redirecting requests to chrome://apps/?r=extensions instead of chrome://extensions/, the page that lists all installed extensions and provides an interface for temporarily disabling or uninstalling them. Malwarebytes researcher Pieter Arntz said he experimented with a variety of hacks—including disabling JavaScript in the browser, starting Chrome with all extensions disabled, and renaming the folder where extensions are stored—none of them worked. Removing the extension proved so difficult that he ultimately advised users to run the free version of Malwarebytes and let it automatically remove the add-on.

When Arntz installed the extension on a test machine, Chrome spontaneously clicked on dozens of YouTube videos, an indication that inflating the number of views was among the things it did. The researcher hasn't ruled out the possibility that the add-on did more malicious things because the amount of obfuscated JavaScript it contained made a comprehensive analysis too time consuming. The researcher provided additional details in a blog post published Thursday.

Read 11 remaining paragraphs | Comments

Kategorie: Hacking & Security

OnePlus confirms up to 40,000 customers affected by Credit Card Breach

The Hacker News - 19 Leden, 2018 - 18:34
OnePlus has finally confirmed that its online payment system was breached, following several complaints of fraudulent credit card transactions from its customers who made purchases on the company's official website. In a statement released today, Chinese smartphone manufacturer admitted that credit card information belonging to up to 40,000 customers was stolen by an unknown hacker between
Kategorie: Hacking & Security

Apple Preps ChaiOS iMessage Bug Fix for Next Week

Threatpost - 19 Leden, 2018 - 18:12
A so-called ‘text bomb’ flaw in Apple’s iPhone and Mac computers that causes devices to crash or restart will be patched next week, according to multiple sources.
Kategorie: Hacking & Security

5 Standardization Bodies Security Professionals Need to Know

InfoSec Institute Resources - 19 Leden, 2018 - 15:00

Standardization bodies are organizations that exist specifically for developing, coordinating, promoting and interpreting technical standards. As with any vital area, there are several standardization bodies focused on producing information security related standards. Here are five standardization bodies all security engineers should know about: The International Organization for Standardization (ISO) ISO is an international standardization body […]

The post 5 Standardization Bodies Security Professionals Need to Know appeared first on InfoSec Resources.

5 Standardization Bodies Security Professionals Need to Know was first posted on January 19, 2018 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

The Google Play “Super Antivirus” that’s not so super at all… [REPORT]

Sophos Naked Security - 19 Leden, 2018 - 14:59
SophosLabs has published a technical report digging into the details of a not-so-super "Super Antivirus" charade on Google Play.

90% of Gmail users could improve their security easily, but don’t

Sophos Naked Security - 19 Leden, 2018 - 14:43
There's something alarming about the world’s one billion regular Gmail users – barely any have turned on two-step verification.

Phishing Attacks in the Transportation Industry

InfoSec Institute Resources - 19 Leden, 2018 - 14:00

Phishing is Pandora’s Box Human nature, it seems, cannot withstand the allure of a closed box or, in this day of raging e-technologies, an unopened email. In no small part, our burning need to know, “What’s inside?”, has contributed to the flush of success of the phishing phenomenon to infiltrate personal computers and networks around […]

The post Phishing Attacks in the Transportation Industry appeared first on InfoSec Resources.

Phishing Attacks in the Transportation Industry was first posted on January 19, 2018 at 7:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Powerful Skygofree Spyware Was Already Reported and Analyzed In 2017

InfoSec Institute Resources - 19 Leden, 2018 - 14:00

The Skygofree spyware analyzed by Kaspersky today was first spotted by the researcher Lukas Stefanko and the first analysis was published last year by the experts of CSE Cybsec ZLab. The Skygofree spyware A few days ago, malware researchers at Kaspersky Lab had disclosed the discovery of a new strain of mobile malware; it is powerful Android […]

The post Powerful Skygofree Spyware Was Already Reported and Analyzed In 2017 appeared first on InfoSec Resources.

Powerful Skygofree Spyware Was Already Reported and Analyzed In 2017 was first posted on January 19, 2018 at 7:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Virtual reality porn app SinVR exposes details of 20,000 customers

Sophos Naked Security - 19 Leden, 2018 - 13:25
Personal details of adult virtual reality game SinVR customers were accidentally exposed for two weeks, while security researchers tried to get the company's attention

“Give me a job or else!” approach fails to land IT job

Sophos Naked Security - 19 Leden, 2018 - 12:43
Sending an application letter to your prospective employer is a good idea, an extortion letter, not so much

Does your credit card need a tinfoil hat to keep it safe on the train?

Sophos Naked Security - 19 Leden, 2018 - 12:33
Can the person squashed up against you on the train read your credit card without you realising? If so, what can you do about it?

Rogue Chrome, Firefox Extensions Hijack Browsers; Prevent Easy Removal

LinuxSecurity.com - 19 Leden, 2018 - 12:29
LinuxSecurity.com: Any malware that hijacks your browser to serve up ads or to redirect you to random websites can be annoying. Even more so are extensions that take control of your browser and prevent you from landing on pages that can help you get rid of them.
Kategorie: Hacking & Security

Mozilla mandates that new Firefox features rely on encrypted connections

LinuxSecurity.com - 19 Leden, 2018 - 12:28
LinuxSecurity.com: Mozilla this week decreed that future web-facing features of Firefox must meet an under-development standard that requires all browser-to-server-and-back traffic be encrypted.
Kategorie: Hacking & Security

Researchers Uncover Government-Sponsored Mobile Hacking Group Operating Since 2012

The Hacker News - 19 Leden, 2018 - 11:40
A global mobile espionage campaign collecting a trove of sensitive personal information from victims since at least 2012 has accidentally revealed itself—thanks to an exposed server on the open internet. It's one of the first known examples of a successful large-scale hacking operation of mobile phones rather than computers. The advanced persistent threat (APT) group, dubbed Dark Caracal,
Kategorie: Hacking & Security

Sprawling Mobile Espionage Campaign Targets Android Devices

Threatpost - 18 Leden, 2018 - 23:59
A massive mobile espionage campaign has been collecting troves of sensitive personal information since 2012, according to a new report from the Electronic Frontier Foundation and security firm Lookout.
Kategorie: Hacking & Security

A Senior Citizen’s Guide to Identity Protection

InfoSec Institute Resources - 18 Leden, 2018 - 22:49

As a senior citizen, you come from a generation that tends to be more trusting and that had plenty of time to build a nest egg. Unfortunately, these qualities make you a likely target for online scam artists. Scammers have been targeting senior citizens through telemarketing frauds for years, but they are now turning to […]

The post A Senior Citizen’s Guide to Identity Protection appeared first on InfoSec Resources.

A Senior Citizen’s Guide to Identity Protection was first posted on January 18, 2018 at 3:49 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security
Syndikovat obsah