Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Urgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability

The Hacker News - 25 Září, 2021 - 08:39
Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show another page as an inset and "perform a seamless transition to a new state, where the
Kategorie: Hacking & Security

SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices

The Hacker News - 25 Září, 2021 - 07:41
Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on the CVSS scoring system, and could allow an
Kategorie: Hacking & Security

A New APT Hacker Group Spying On Hotels and Governments Worldwide

The Hacker News - 25 Září, 2021 - 07:16
A new advanced persistent threat (APT) has been behind a string of attacks against hotels across the world, along with governments, international organizations, engineering companies, and law firms. Slovak cybersecurity firm ESET codenamed the cyber espionage group FamousSparrow, which it said has been active since at least August 2019, with victims located across Africa, Asia, Europe, the
Kategorie: Hacking & Security

Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days

The Hacker News - 25 Září, 2021 - 06:58
Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group's Pegasus surveillance tool to target iPhone users. <!--adsense--> Chief among them is CVE-2021-30869, a type confusion flaw
Kategorie: Hacking & Security

Google Warns of a New Way Hackers Can Make Malware Undetectable on Windows

The Hacker News - 25 Září, 2021 - 06:57
Cybersecurity researchers have disclosed a novel technique adopted by a threat actor to deliberately evade detection with the help of malformed digital signatures of its malware payloads. "Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code — which is used in a number of security scanning products," Google
Kategorie: Hacking & Security

Apple's New iCloud Private Relay Service Leaks Users' Real IP Addresses

The Hacker News - 25 Září, 2021 - 06:55
A new as-yet unpatched weakness in Apple's iCloud Private Relay feature could be circumvented to leak users' true IP addresses from iOS devices running the latest version of the operating system. Introduced as a beta with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the web by employing a dual-hop architecture that effectively shields users'
Kategorie: Hacking & Security

Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords

Threatpost - 24 Září, 2021 - 20:46
Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
Kategorie: Hacking & Security

TangleBot Malware Reaches Deep into Android Device Functions

Threatpost - 24 Září, 2021 - 17:48
The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others.
Kategorie: Hacking & Security

Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN

Threatpost - 24 Září, 2021 - 16:01
Unauthenticated cyberattackers can also wreak havoc on networking device configurations.
Kategorie: Hacking & Security

Lennart: Linux Comes Up Short Around Disk Encryption, Authenticated Boot Security>

LinuxSecurity.com - 24 Září, 2021 - 14:25
Most Linux distros are currently coming up short from offering adequate security around full disk encryption and authenticated boot. Prominent Linux developer Lennart Poettering even argues that your data is "probably more secure if stored on current ChromeOS, Android, Windows or macOS devices."
Kategorie: Hacking & Security

High-Severity RCE Flaw Disclosed in Several Netgear Router Models

The Hacker News - 24 Září, 2021 - 14:13
Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. <!--adsense--> Traced as CVE-2021-40847 (CVSS score: 8.1), the security weakness impacts the following models - R6400v2 (fixed in firmware version 1.0.4.120) R6700
Kategorie: Hacking & Security

Apple Patches 3 More Zero-Days Under Active Attack

Threatpost - 24 Září, 2021 - 13:29
One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges.
Kategorie: Hacking & Security

Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software

The Hacker News - 24 Září, 2021 - 09:27
Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service (DoS) condition on vulnerable devices. The list of three flaws is as follows - CVE-2021-34770 (CVSS score:
Kategorie: Hacking & Security

A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit

The Hacker News - 24 Září, 2021 - 06:54
Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers
Kategorie: Hacking & Security

Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials

The Hacker News - 24 Září, 2021 - 06:53
An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in plain text (HTTP
Kategorie: Hacking & Security

REvil Affiliates Confirm: Leadership Were Cheating Dirtbags

Threatpost - 24 Září, 2021 - 01:00
After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court."
Kategorie: Hacking & Security

5 Tips for Achieving Better Cybersecurity Risk Management

Threatpost - 23 Září, 2021 - 21:10
Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively.
Kategorie: Hacking & Security

How Outlook “autodiscover” could leak your passwords – and how to stop it

Sophos Naked Security - 23 Září, 2021 - 20:59
The Microsoft Autodiscover "Great Leak" explained - and how to prevent it
Syndikovat obsah