Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries

The Hacker News - 2 Říjen, 2023 - 13:21
Introduction In today's interconnected digital ecosystem, Application Programming Interfaces (APIs) play a pivotal role in enabling seamless communication and data exchange between various software applications and systems. APIs act as bridges, facilitating the sharing of information and functionalities. However, as the use of APIs continues to rise, they have become an increasingly attractive The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comAPI Security / Penetration Testing37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

The Hacker News - 2 Říjen, 2023 - 13:21
LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access into an environment with the goal of stealing Intellectual Property (IP) for extortion. LUCR-3 targets Fortune 2000 companies across various sectors, including but not limited to Software, Retail, Hospitality, The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comCloud Security / Threat Intelligence37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses

The Hacker News - 2 Říjen, 2023 - 13:20
A financially motivated campaign has been targeting online payment businesses in the Asia Pacific, North America, and Latin America with web skimmers for more than a year. The BlackBerry Research and Intelligence Team is tracking the activity under the name Silent Skimmer, attributing it to an actor who is knowledgeable in the Chinese language. Prominent victims include online businesses and THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comWebb Security / Payment Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code

The Hacker News - 2 Říjen, 2023 - 10:02
A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as CVE-2023-37476 (CVSS score: 7.8), the vulnerability is a Zip Slip vulnerability that could have adverse impacts when importing a specially crafted project in versions 3.7.3 and below. "Although OpenRefineTHNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comVulnerability / Cyber Attack37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground

The Hacker News - 2 Říjen, 2023 - 07:31
Cybersecurity experts have discovered yet another malware-as-a-service (MaaS) threat called BunnyLoader that's being advertised for sale on the cybercrime underground. "BunnyLoader provides various functionalities such as downloading and executing a second-stage payload, stealing browser credentials and system information, and much more," Zscaler ThreatLabz researchers Niraj Shivtarkar and THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comCyber Threat / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users

The Hacker News - 2 Říjen, 2023 - 07:02
An emerging Android banking trojan called Zanubis is now masquerading as a Peruvian government app to trick unsuspecting users into installing the malware. "Zanubis's main infection path is through impersonating legitimate Peruvian Android applications and then tricking the user into enabling the Accessibility permissions in order to take full control of the device," Kaspersky said in an THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comMalware / Cyber Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

FBI Warns of Rising Trend of Dual Ransomware Attacks Targeting U.S. Companies

The Hacker News - 30 Září, 2023 - 11:49
The U.S. Federal Bureau of Investigation (FBI) is warning of a new trend of dual ransomware attacks targeting the same victims, at least since July 2023. "During these attacks, cyber threat actors deployed two different ransomware variants against victim companies from the following variants: AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal," the FBI said in an alert. "Variants THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comRansomware / Cyber Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

Iranian APT Group OilRig Using New Menorah Malware for Covert Operations

The Hacker News - 30 Září, 2023 - 11:21
Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or malware," Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comCyber Espionage / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks

The Hacker News - 30 Září, 2023 - 06:14
Multiple security vulnerabilities have been disclosed in the Exim mail transfer agent that, if successfully exploited, could result in information disclosure and remote code execution. The list of flaws, which were reported anonymously way back in June 2022, is as follows - CVE-2023-42114 (CVSS score: 3.7) - Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comEmail Security / Hacking News37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

Cybercriminals Using New ASMCrypt Malware Loader to Fly Under the Radar

The Hacker News - 29 Září, 2023 - 18:43
Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected by AV/EDR, etc.," Kaspersky said in an analysis published this week. DoubleFinger was first THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comMalware / Cyber Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

Útoky na české nemocnice se množí. Hackeři hledají slabiny, špatná kybernetická hygiena znamená násobné riziko napadení

Zive.cz - bezpečnost - 29 Září, 2023 - 16:45
Benešov, Brno, Ostrava, Olomouc, Praha, Kosmonosy, Česká Lípa, Janov. To jsou jen některá města, kde se nemocnice, kliniky nebo další zdravotnická zařízení staly v posledních letech terčem útoků hackerů. V některých případech se organizace zvládly ubránit. Jindy ale kybernetický útok způsobil ...
Kategorie: Hacking & Security

Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm

The Hacker News - 29 Září, 2023 - 14:10
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter via LinkedIn and tricked into opening a malicious executable file presenting itself as a coding THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comCyber Espionage / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

Post-Quantum Cryptography: Finally Real in Consumer Apps?

The Hacker News - 29 Září, 2023 - 13:48
Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight.  Today, many rely on encryption in their daily lives to protect their fundamental digital privacy and security, whether for messaging friends and family, storing files and photos, or The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comQuantum Computing / Network Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites

The Hacker News - 29 Září, 2023 - 11:13
Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular tools. The findings come from Malwarebytes, which revealed that unsuspecting users can be tricked into visiting booby-trapped sites and installing malware directly from Bing Chat conversations. Introduced by Microsoft in February 2023, Bing Chat is an THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comArtificial Intelligence / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server

The Hacker News - 29 Září, 2023 - 08:15
Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc Transfer Module and in the WS_FTP Server manager interface. Tracked as CVE-2023-40044, the flaw has a CVSS score of 10.0, indicating maximum severity. All versions of the software are impacted by the flaw. "In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comServer Security / Vulnerability37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts

The Hacker News - 29 Září, 2023 - 05:02
Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6.6. It impacts all versions of the software that have the GDOI or G-IKEv2 protocol enabled. The THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comVulnerability / Network Security37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions

The Hacker News - 28 Září, 2023 - 19:22
A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. "The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comSupply Chain / Malware37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies

The Hacker News - 28 Září, 2023 - 15:47
Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries. The attacks have been tied to a malicious cyber actor dubbed BlackTech by the U.S. National Security Agency (NSA), Federal Bureau of THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comCyber Espionage / Threat Intel37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies

The Hacker News - 28 Září, 2023 - 13:13
The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world. The limitations of Browser Isolation, such as degraded browser performance and inability to tackle The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.comBrowser Security / Cybersecurity37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security

China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

The Hacker News - 28 Září, 2023 - 12:13
Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team, THNhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.comMalware / Cyber Threat37.09024 -95.7128918.780006163821156 -130.869141 65.400473836178847 -60.556641
Kategorie: Hacking & Security
Syndikovat obsah