is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


Lawsuits Aim Billions in Fines at Equifax and Ad-Targeting Companies

Threatpost - 9 November, 2018 - 23:50
The results could start a wave of major damages for companies that collect and sell consumer information.
Category: Hacking & Security

Recently-Patched Adobe ColdFusion Flaw Exploited By APT

Threatpost - 9 November, 2018 - 23:16
The critical vulnerability, which was patched earlier in September, has put ColdFusion servers at risk.
Category: Hacking & Security

ThreatList: Google Play Nine Times Safer Than Third-Party App Stores

Threatpost - 9 November, 2018 - 18:28
Out of the 2 billion Android users out there, the rate of potential malware infection is less than 1 percent across the board, Google says.
Category: Hacking & Security

Threatpost News Wrap Podcast for Nov. 9

Threatpost - 9 November, 2018 - 18:20
The Threatpost editors break down the top news stories from this week.
Category: Hacking & Security

Embracing the Cybersecurity ‘Grey Space’

Threatpost - 9 November, 2018 - 18:13
Security teams carefully monitor potential threat activity, but incidents aren’t always black and white.
Category: Hacking & Security

Introducing the Android Ecosystem Security Transparency Report

Google Security Blog - 9 November, 2018 - 15:44
Posted by Jason Woloz and Eugene Liderman, Android Security & Privacy Team

Update: We identified a bug that affected how we calculated data from Q3 2018 in the Transparency Report. This bug created inconsistencies between the data in the report and this blog post. The data points in this blog post have been corrected.

As shared during the What's new in Android security session at Google I/O 2018, transparency and openness are important parts of Android's ethos. We regularly blog about new features and enhancements and publish an annual Android Security Year in Review, which highlights Android ecosystem trends. To provide more frequent insights, we're introducing a quarterly Android Ecosystem Security Transparency Report. This report is the latest addition to our Transparency Report site, which began in 2010 to show how the policies and actions of governments and corporations affect privacy, security, and access to information online.

This Android Ecosystem Security Transparency Report covers how often a routine, full-device scan by Google Play Protect detects a device with PHAs installed. Google Play Protect is built-in protection on Android devices that scans over 50 billion apps daily from inside and outside of Google Play. These scans look for evidence of Potentially Harmful Applications (PHAs). If the scans find a PHA, Google Play Protect warns the user and can disable or remove PHAs. In Android's first annual Android Security Year in Review from 2014, fewer than 1% of devices had PHAs installed. The percentage has declined steadily over time and this downward trend continues through 2018. The transparency report covers PHA rates in three areas: market segment (whether a PHA came from Google Play or outside of Google Play), Android version, and country.

Devices with Potentially Harmful Applications installed by market segment

Google works hard to protect your Android device: no matter where your apps come from. Continuing the trend from previous years, Android devices that only download apps from Google Play are 9 times less likely to get a PHA than devices that download apps from other sources. Before applications become available in Google Play they undergo an application review to confirm they comply with Google Play policies. Google uses a risk scorer to analyze apps to detect potentially harmful behavior. When Google’s application risk analyzer discovers something suspicious, it flags the app and refers the PHA to a security analyst for manual review if needed. We also scan apps that users download to their device from outside of Google Play. If we find a suspicious app, we also protect users from that—even if it didn't come from Google Play.

In the Android Ecosystem Security Transparency Report, the Devices with Potentially Harmful Applications installed by market segment chart shows the percentage of Android devices that have one or more PHAs installed over time. The chart has two lines: PHA rate for devices that exclusively install from Google Play and PHA rate for devices that also install from outside of Google Play. In 2017, on average 0.09% of devices that exclusively used Google Play had one or more PHAs installed. The first three quarters in 2018 averaged a lower PHA rate of 0.08%.

The security of devices that installed apps from outside of Google Play also improved. In 2017, ~0.82% of devices that installed apps from outside of Google Play were affected by PHA; in the first three quarters of 2018, ~0.68% were affected. Since 2017, we've reduced this number by expanding the auto-disable feature which we covered on page 10 in the 2017 Year in Review. While malware rates fluctuate from quarter to quarter, our metrics continue to show a consistent downward trend over time. We'll share more details in our 2018 Android Security Year in Review in early 2019.

Devices with Potentially Harmful Applications installed by Android version

Newer versions of Android are less affected by PHAs. We attribute this to many factors, such as continued platform and API hardening, ongoing security updates and app security and developer training to reduce apps' access to sensitive data. In particular, newer Android versions—such as Nougat, Oreo, and Pie—are more resilient to privilege escalation attacks that had previously allowed PHAs to gain persistence on devices and protect themselves against removal attempts. The Devices with Potentially Harmful Applications installed by Android version chart shows the percentage of devices with a PHA installed, sorted by the Android version that the device is running.

Devices with Potentially Harmful Applications rate by top 10 countries

Overall, PHA rates in the ten largest Android markets have remained steady. While these numbers fluctuate on a quarterly basis due to the fluidity of the marketplace, we intend to provide more in-depth coverage of what drove these changes in our annual Year in Review in Q1, 2019.

The Devices with Potentially Harmful Applications rate by top 10 countries chart shows the percentage of devices with at least one PHA in the ten countries with the highest volume of Android devices. India saw the most significant decline in PHAs present on devices, with the average rate of infection dropping by 34 percent. Indonesia, Mexico, and Turkey also saw a decline in the likelihood of PHAs being present on devices in the region. South Korea saw the lowest number of devices containing PHA, with only 0.1%.

Check out the report

Over time, we'll add more insights into the health of the ecosystem to the Android Ecosystem Security Transparency Report. If you have any questions about terminology or the products referred to in this report please review the FAQs section of the Transparency Report. In the meantime, check out our new blog post and video outlining Android’s performance in Gartner’s Mobile OSs and Device Security: A Comparison of Platforms report.
Category: Hacking & Security

258,000 encrypted IronChat phone messages cracked by police

Sophos Naked Security - 9 November, 2018 - 12:53
They expect to cuff hundreds of criminals who used the pricey phones, which were sold with the crypto app preinstalled.

Sent a photo to the wrong person? Facebook Messenger to let you unsend it

Sophos Naked Security - 9 November, 2018 - 12:31
Think fast! You'll only have up to 10 minutes to hit unsend: a lot stingier than the hour afforded by WhatsApp.

Update now! WordPress sites vulnerable to WooCommerce plugin flaw

Sophos Naked Security - 9 November, 2018 - 12:25
Researchers have published details of a dangerous flaw in the way the hugely popular WooCommerce plugin interacts with WordPress that could allow an attacker with access to a single account to take over an entire site.

DerpTrolling game server DDoS attacker pleads guilty

Sophos Naked Security - 9 November, 2018 - 11:59
Austin Thompson pleaded guilty on November 6 in a San Diego Federal court to knowingly causing damage to third-party computers.

Developing Security Champions within DevOps — CyberSpeak Podcast

InfoSec Institute Resources - 9 November, 2018 - 11:10

On this episode of the CyberSpeak with InfoSec Institute podcast, Ty Sbano, head of security at Periscope Data, talks about spreading security awareness and building Security Champions in the world of DevOps. In the podcast, Weller and host Chris Sienko discuss: Why is National Cybersecurity Awareness Month, which just ended, so important? (1:35) What are […]

The post Developing Security Champions within DevOps — CyberSpeak Podcast appeared first on InfoSec Resources.

Developing Security Champions within DevOps — CyberSpeak Podcast was first posted on November 9, 2018 at 4:10 am.
Category: Hacking & Security

Anyone could have accessed photos and videos from drones

security - 9 November, 2018 - 11:03
Experts from Check Point discovered a critical security flaw in the platform of DJI, a company that manufactures drones. The vulnerability affected DJI users who synchronized their flight records, including photos, videos and flight logs, to DJI's cloud servers, as well as corporate users of the DJI FlightHub software, which includes live camera footage, audio and a map view. The flaw has already been fixed.
Category: Hacking & Security

Hacker Who DDoSed Sony, EA and Steam Gaming Servers Pleads Guilty

The Hacker News - 9 November, 2018 - 09:22
A 23-year-old hacker from Utah pleaded guilty this week to launching a series of denial-of-service (DoS) attacks against multiple online services, websites, and online gaming companies between 2013 and 2014. According to a Justice Department (DoJ) press release, Austin Thompson, a.k.a. "DerpTroll," took down servers of several major gaming platforms including Electronic Arts' Origin service,
Category: Hacking & Security

Oracle's VirtualBox vulnerability leaked by disgruntled researcher

9 November, 2018 - 08:45
An independent researcher who was disgruntled with traditional bug bounty methods took it upon himself to leak the details of an exploit in Oracle's VirtualBox without first informing Oracle.
Category: Hacking & Security

Dharma Ransomware Hits Altus Baytown Hospital's Systems

9 November, 2018 - 08:37
Altus Baytown Hospital (ABH) was hit by a ransomware attack on September 3, 2018, with a lot of documents containing patient info being encrypted and the attackers requesting a ransom to unlock the hospital's data.
Category: Hacking & Security

Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal

Threatpost - 8 November, 2018 - 22:56
Two samples have already been added to the malware zoo, indicating a new openness from the federal government when it comes to cyber.
Category: Hacking & Security

Flaws in Popular Self-Encrypting SSDs Let Attackers Decrypt Data

The Hacker News - 8 November, 2018 - 20:09
We all have something to hide, something to protect. But if you are also relying on self-encrypting drives for that, then you should read this news carefully. Security researchers have discovered multiple critical vulnerabilities in some of the popular self-encrypting solid state drives (SSD) that could allow an attacker to decrypt disk encryption and recover protected data without knowing
Category: Hacking & Security

Here's How Hackers Could Have Spied On Your DJI Drone Account

The Hacker News - 8 November, 2018 - 20:08
Cybersecurity researchers at Check Point today revealed details of a potentially dangerous vulnerability in the DJI Drone web app that could have allowed attackers to access user accounts and the synced sensitive information within them, including flight records, location, live video camera feed, and photos taken during a flight. Though the vulnerability was discovered and responsibly reported by the
Category: Hacking & Security

Apple 0, José 3 – Man versus Megacorp! [PODCAST]

Sophos Naked Security - 8 November, 2018 - 19:30
Here's the latest Naked Security Podcast - enjoy!

Cisco Accidentally Released Dirty Cow Exploit Code in Software

Threatpost - 8 November, 2018 - 18:39
Cisco revealed that it had "inadvertently" shipped in-house exploit code that was used in test scripts as part of its TelePresence Video Communication Server and Expressway Series software.
Category: Hacking & Security