Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Více než polovina nemocničních zařízení připojených k internetu má zranitelnost, která může ohrozit zdraví či životy pacientů

Zive.cz - bezpečnost - 2 hodiny 20 min zpět
Podle zprávy společnosti Cynerio, která se zabývá kybernetickou bezpečností ve zdravotnictví, má více než polovina zařízení připojených k internetu používaných v nemocnicích nějakou zranitelnost, která může ohrozit zdraví i životy pacientů, důvěrné údaje nebo použitelnost. Zpráva analyzovala ...
Kategorie: Hacking & Security

Utopili jste telefon? Ještě není vše ztraceno. Poradíme, jak jej zachránit

Zive.cz - bezpečnost - 4 hodiny 20 min zpět
** Voděodolnost dnes ještě stále není samozřejmost u všech telefonů ** Polití či utopení tak může telefon nenávratně zničit ** Poradíme, co v takových případech dělat a jak jej zachránit
Kategorie: Hacking & Security

Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks

The Hacker News - 9 hodin 23 min zpět
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input and send that query
Kategorie: Hacking & Security

Kybernetická kriminalita je v Česku na vzestupu, varovala policie

Novinky.cz - bezpečnost - 16 hodin 47 sek zpět
V Česku loni oproti roku 2020 přibylo trestných činů páchaných v kyberprostoru o 1445 na 9518 skutků. Objasněna byla čtvrtina z nich. V tiskové zprávě k vývoji registrované kriminality za loňský rok to uvedl mluvčí policejního prezidia Ondřej Moravčík.
Kategorie: Hacking & Security

Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine

The Hacker News - 22 Leden, 2022 - 15:47
Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsoft last week, which said it observed the destructive cyber campaign targeting government, non-profit,
Kategorie: Hacking & Security

Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure

The Hacker News - 22 Leden, 2022 - 15:21
An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information
Kategorie: Hacking & Security

Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

The Hacker News - 22 Leden, 2022 - 08:39
In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites. The backdoor gave the attackers full administrative control over websites that used 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based
Kategorie: Hacking & Security

Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks

The Hacker News - 22 Leden, 2022 - 08:25
Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on
Kategorie: Hacking & Security

Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks

The Hacker News - 22 Leden, 2022 - 07:30
A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of the
Kategorie: Hacking & Security

Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software

The Hacker News - 22 Leden, 2022 - 07:28
Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has been incorrectly enabled
Kategorie: Hacking & Security

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers

The Hacker News - 22 Leden, 2022 - 07:28
An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues
Kategorie: Hacking & Security

Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware

The Hacker News - 22 Leden, 2022 - 07:28
Potential connections between a subscription-based crimeware-as-a-service (CaaS) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of
Kategorie: Hacking & Security

The Internet’s Most Tempting Targets

Threatpost - 21 Leden, 2022 - 22:03
What attracts the attackers? David "moose" Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
Kategorie: Hacking & Security

Merck Awarded $1.4B Insurance Payout over NotPetya Attack

Threatpost - 21 Leden, 2022 - 21:27
Court rules ‘War or Hostile Acts’ exclusion doesn’t apply to the pharma giant's 2017 cyberattack.
Kategorie: Hacking & Security

20K WordPress Sites Exposed by Insecure Plugin REST-API

Threatpost - 21 Leden, 2022 - 19:19
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
Kategorie: Hacking & Security

McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges

Threatpost - 21 Leden, 2022 - 18:13
McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.
Kategorie: Hacking & Security

Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft

Sophos Naked Security - 21 Leden, 2022 - 17:25
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.

Nasty Linux kernel bug found and fixed>

LinuxSecurity.com - 21 Leden, 2022 - 15:11
A heap overflow bug was recently discovered in the Linux kernel. The patch is available now in most major Linux distributions.
Kategorie: Hacking & Security

Spyware Blitzes Compromise, Cannibalize ICS Networks

Threatpost - 21 Leden, 2022 - 15:10
The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.
Kategorie: Hacking & Security

Intel's Unaccepted Memory Support Updated For Substantially Faster Booting Of TDX VMs>

LinuxSecurity.com - 21 Leden, 2022 - 13:00
Way back in August Intel posted a set of Linux kernel patches for supporting "unaccepted memory" by the Linux kernel in preparation for next-generation Xeon processors and speeding up the boot time for guest virtual machines making use of Intel's Trust Domain Extensions (TDX) security feature. Unaccepted memory support hasn't yet made it to the mainline kernel but now a second iteration of the patches have been posted.
Kategorie: Hacking & Security
Syndikovat obsah