Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique

The Hacker News - 1 hour 10 min ago
With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without
Category: Hacking & Security

Nvidia’s Anti-Cryptomining GPU Chip May Not Discourage Attacks

Threatpost - 1 hour 43 min ago
The hotly anticipated GeForce RTX 3060, a ray-tracing-friendly, advanced gaming graphics chip, will also throttle Ethereum mining.
Category: Hacking & Security

Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks

The Hacker News - 1 hour 45 min ago
New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software. "A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The
Category: Hacking & Security

Microsoft Lures Populate Half of Credential-Swiping Phishing Emails

Threatpost - 2 hours 14 min ago
As more organizations migrate to Office 365, cybercriminals are using Outlook, Teams and other Microsoft-themed phishing lures to swipe user credentials.
Category: Hacking & Security

New Password Checkup Feature Coming to Android

Google Security Blog - 3 hours 3 min ago
Posted by Arvind Kumar Sugumar, Software Engineer, Android Team

With the proliferation of digital services in our lives, it’s more important than ever to make sure our online information remains safe and secure. Passwords are usually the first line of defense against hackers, and with the number of data breaches that could publicly expose those passwords, users must be vigilant about safeguarding their credentials.

To make this easier, Chrome introduced the Password Checkup feature in 2019, which notifies you when one of the passwords you’ve saved in Chrome is exposed. We’re now bringing this functionality to your Android apps through Autofill with Google. Whenever you fill or save credentials into an app, we’ll check those credentials against a list of known compromised credentials and alert you if your password has been compromised. The prompt can also take you to your Password Manager page, where you can do a comprehensive review of your saved passwords. Password Checkup on Android apps is available on Android 9 and above, for users of Autofill with Google.

Follow the instructions below to enable Autofill with Google on your Android device:

  1. Open your phone’s Settings app
  2. Tap System > Languages & input > Advanced
  3. Tap Autofill service
  4. Tap Google to make sure the setting is enabled

If you can’t find these options, check out this page with details on how to get information from your device manufacturer.

How it works

User privacy is top of mind, especially when it comes to features that handle sensitive data such as passwords. Autofill with Google is built on the Android autofill framework which enforces strict privacy & security invariants that ensure that we have access to the user’s credentials only in the following two cases: 1) the user has already saved said credential to their Google account; 2) the user was offered to save a new credential by the Android OS and chose to save it to their account.

When the user interacts with a credential by either filling it into a form or saving it for the first time, we use the same privacy preserving API that powers the feature in Chrome to check if the credential is part of the list of known compromised passwords tracked by Google.

This implementation ensures that:

  • Only an encrypted hash of the credential leaves the device (the first two bytes of the hash are sent unencrypted to partition the database)
  • The server returns a list of encrypted hashes of known breached credentials that share the same prefix
  • The actual determination of whether the credential has been breached happens locally on the user’s device
  • The server (Google) does not have access to the unencrypted hash of the user’s password and the client (User) does not have access to the list of unencrypted hashes of potentially breached credentials

For more information on how this API is built under the hood, check out this blog from the Chrome team.

Additional security features

In addition to Password Checkup, Autofill with Google offers other features to help you keep your data secure:

  • Password generation: With so many credentials to manage, it’s easy for users to recycle the same password across multiple accounts. With password generation, we’ll generate a unique, secure password for you and save it to your Google account so you don’t have to remember it at all. On Android, you can request password generation for an app by long pressing the password field and selecting “Autofill” in the pop-up menu.
  • Biometric authentication: You can add an extra layer of protection on your device by requiring biometric authentication any time you autofill your credentials or payment information. Biometric authentication can be enabled inside of the Autofill with Google settings.

As always, stay tuned to the Google Security blog to keep up to date on the latest ways we’re improving security across our products.

Category: Hacking & Security

Everything You Need to Know About Evolving Threat of Ransomware

The Hacker News - 4 hours 9 min ago
The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down. Falling victim to a ransomware attack can cause significant data loss, data breach, operational downtime, costly recovery, legal consequences, and
Category: Hacking & Security

Top Linux distro tells users: Stop using out of date versions, update your software now

LinuxSecurity.com - 4 hours 20 min ago
Linux Mint maintainers are emphasizing the importance of keeping software up-to-date - a critical security best practice that many users are neglecting.
Category: Hacking & Security

Red Hat closes StackRox Kubernetes security acquisition

LinuxSecurity.com - 4 hours 1 min ago
With the popular Linux distro's acquisition of StackRox, Red Hat is taking a major step forward in securing not only its own Kubernetes distribution, OpenShift, but other Kubernetes distros as well.
Category: Hacking & Security

Emotet Was the Most Widespread Virus in January, Despite the FBI and Europol Intervention

Novinky.cz - security - 9 hours 2 min ago
At the end of January, a team of security experts from several countries, led by the FBI and Europol, boasted that it had broken up the network of enslaved computers (a so-called botnet) through which hackers spread the Emotet trojan. Before that, however, this pest managed to cause major trouble for a great many users; according to the cybersecurity company Check Point, it was the most widespread threat in the first month of this year.
Category: Hacking & Security

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now

The Hacker News - 9 hours 17 min ago
VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying
Category: Hacking & Security

Dozens of Boeing 777-200s Grounded After Dramatic Engine Failure Over Denver

Zive.cz - security - 10 hours 20 min ago
While Boeing 737 MAX aircraft are slowly but surely returning to the skies, their manufacturer has to face another problem. After a dramatic engine failure on a United Airlines 777-200, parts of which fell on populated areas, service was temporarily suspended for dozens of aircraft of this ...
Category: Hacking & Security

Experts Find a Way to Learn What You're Typing During Video Calls

The Hacker News - 10 hours 37 min ago
A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed. The research was undertaken by Mohd Sabra and Murtuza Jadliwala from the University of Texas at San Antonio and Anindya Maiti from the University of Oklahoma, who say the attack
Category: Hacking & Security

Daycare Webcam Service Exposes 12,000 User Accounts  

Threatpost - 23 February, 2021 - 20:59
NurseryCam suspends service across 40 daycare centers until a security fix is in place.
Category: Hacking & Security

IBM Squashes Critical Remote Code-Execution Flaw

Threatpost - 23 February, 2021 - 20:36
A critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote attackers to execute code.
Category: Hacking & Security

Finnish IT Giant Hit with Ransomware Cyberattack

Threatpost - 23 February, 2021 - 17:51
TietoEVRY was forced to shut down services and infrastructure as the company continues to investigate the incident with relevant authorities.
Category: Hacking & Security

Keybase secure messaging fixes photo-leaking bug – patch now!

Sophos Naked Security - 23 February, 2021 - 16:59
It's a bit like Snapchat all over again - but this bug was quickly fixed.

10K Microsoft Email Users Hit in FedEx Phishing Attack

Threatpost - 23 February, 2021 - 15:00
Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express - but that really steal their credentials.
Category: Hacking & Security

Windows Subsystem for Linux 2: The GUI features developers have been asking for

LinuxSecurity.com - 23 February, 2021 - 14:11
Get ready, developers - Microsoft's WSL 2 is getting graphics support!
Category: Hacking & Security

Python programming language hurries out update to tackle remote code vulnerability

LinuxSecurity.com - 23 February, 2021 - 14:05
The Python Software Foundation (PSF) has rushed out Python 3.9.2 and 3.8.8 to address two notable security flaws, including one that is remotely exploitable - but in practical terms can only be used to knock a machine offline. Upgrade now!
Category: Hacking & Security

5 Security Lessons for Small Security Teams for the Post COVID19 Era

The Hacker News - 23 February, 2021 - 12:01
A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy was forced to become a 3-week sprint during which offices were abandoned, and people started working
Category: Hacking & Security