Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

New GandCrab variant attacks Florida School District

LinuxSecurity.com - 15 September, 2018 - 11:33
LinuxSecurity.com: A GandCrab ransomware attack forced Monroe County School District in Florida to shut down its computer systems for at least three days.
Category: Hacking & Security

BMW has shown a self-driving motorcycle. It can even stop without falling to the ground

Zive.cz - security - 15 September, 2018 - 10:00
** BMW has shown a motorcycle that rides entirely by itself ** However, it does not intend to turn motorcyclists into passive spectators ** The goal is greater safety and stability
Category: Hacking & Security

Researchers Heat Up Cold-Boot Attack That Works on All Laptops

Threatpost - 14 September, 2018 - 23:45
The attack bypasses BIOS mitigations for cold-boot compromise on models from Apple, Dell, Lenovo and all others made in the last 10 years.
Category: Hacking & Security

E.U.: Tech Giants Face Big Fines, 1 Hour Limit to Remove Extremist Content

Threatpost - 14 September, 2018 - 22:32
The rules would apply to all hosting service providers offering services in the E.U., regardless of size, even if they’re not based there.
Category: Hacking & Security

Europe calls for a global ban on killer robots. Not everyone agrees, though

Zive.cz - security - 14 September, 2018 - 20:00
The European Parliament this week approved a resolution calling for an international ban on killer robots. “I know this may look like a debate about some distant future or sci-fi,” commented Federica Mogherini, the Union's High Representative for Foreign Affairs and Security Policy. “But it is not ...
Category: Hacking & Security

Five Weakest Links in Cybersecurity That Target the Supply Chain

Threatpost - 14 September, 2018 - 18:09
Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through third-party vendors. The fallout from these breaches can be costly, as the average enterprise pays $1.23 million per incident, up […]
Category: Hacking & Security

Magecart Threat Group Racks Up More Hack Victims

Threatpost - 14 September, 2018 - 15:26
The threat group has racked up a list of victims including Feedify, Groopdealz and British Airways.
Category: Hacking & Security

Blockchain hustler beats the house with smart contract hack

Sophos Naked Security - 14 September, 2018 - 14:43
A hacker used their own code to tamper with a smart contract run by a betting company, and walked off with $24,000.

Major US mobile carriers want to be your password

Sophos Naked Security - 14 September, 2018 - 13:18
Project Verify from Verizon, AT&T, Sprint and T-Mobile aims to replace your password.

Review that! Fake TripAdvisor review peddler sent to jail

Sophos Naked Security - 14 September, 2018 - 12:35
Jail time for fake reviews is “a landmark ruling for the Internet,” TripAdvisor said.

You didn’t buy ‘your’ iTunes movies; Apple can delete them anytime

Sophos Naked Security - 14 September, 2018 - 12:09
It's in the terms of service, as one man found out after Apple removed three movies from his iTunes library.

ICO Swamped with GDPR Breach Over-Reporting

LinuxSecurity.com - 14 September, 2018 - 11:44
LinuxSecurity.com: The ICO has received 500 calls each week to its breach reporting helpline since the GDPR came into force in May, but around a third of these don't meet the minimum threshold, according to the deputy commissioner of operations.
Category: Hacking & Security

DDoS attacks: Students blamed for many university cyber attacks

LinuxSecurity.com - 14 September, 2018 - 11:35
LinuxSecurity.com: Nation-states and criminal gangs often get the blame for cyber attacks against universities, but a new analysis of campaigns against the education sector suggests that students -- or even staff -- could be perpetrators of many of these attacks.
Category: Hacking & Security

Browser security hole on Macs and iPhones – just how bad is it?

Sophos Naked Security - 14 September, 2018 - 01:44
A URL spoofing bug in Safari is being reported with the word BEWARE! - we explain how bad it really is, and what to do about it.

An Overview of the OWASP Security Champions Playbook

InfoSec Institute Resources - 13 September, 2018 - 23:20

The OWASP Security Champions Playbook is a project that was initiated for the purpose of gearing up the OWASP Open Web Application Security Project — namely Security Champions 2.0. This project was started at the OWASP Bucharest AppSec Conference 2017. The Security Champions Playbook details the main steps required to establish a Security Champions […]

The post An Overview of the OWASP Security Champions Playbook appeared first on InfoSec Resources.

An Overview of the OWASP Security Champions Playbook was first posted on September 13, 2018 at 4:20 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

OilRig APT Continues Its Ongoing Malware Evolution

Threatpost - 13 September, 2018 - 23:19
The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world.
Category: Hacking & Security

How to Become Your Own Security Champion

InfoSec Institute Resources - 13 September, 2018 - 23:06

In the last year, you may have heard the term “security champion” and wondered if this was a specific job or just another buzzword. In this article, we’ll talk about what a Security Champion is, what they do and how to become one. What Is a Security Champion and What Do They Do? The primary […]

The post How to Become Your Own Security Champion appeared first on InfoSec Resources.

How to Become Your Own Security Champion was first posted on September 13, 2018 at 4:06 pm.
Category: Hacking & Security

Security Awareness Checklist for Local Government

InfoSec Institute Resources - 13 September, 2018 - 22:40

Local government is an umbrella term that covers a variety of entities. These entities include jails, courts, police departments, local Social Security offices, social services, public transportation offices, schools, fire and police departments, local utilities/services and more. Local government agencies are what keep states, cities, towns and municipalities running. This makes them a potential target […]

The post Security Awareness Checklist for Local Government appeared first on InfoSec Resources.

Security Awareness Checklist for Local Government was first posted on September 13, 2018 at 3:40 pm.
Category: Hacking & Security

New modification of the old cold boot attack leaves most systems vulnerable

Ars Technica - 13 September, 2018 - 22:26

Cold boot attacks, used to extract sensitive data such as encryption keys and passwords from system memory, have been given new blood by researchers from F-Secure. First documented in 2008, cold boot attacks depend on the ability of RAM to remember values even across system reboots. In response, systems were modified to wipe their memory early during the boot process—but F-Secure found that, in many PCs, tampering with the firmware settings can force the memory wipe to be skipped, once again making the cold boot attacks possible.

The RAM in any commodity PC is more specifically called Dynamic RAM (DRAM). The "dynamic" here is in contrast to the other kind of RAM (used for caches in the processor), static RAM (SRAM). SRAM retains its stored values for as long as the chip is powered on; once the value is stored, it remains that way until a new value is stored or power is removed. It doesn't change, hence "static." Each bit of SRAM typically needs six or eight transistors; it's very fast, but the high transistor count makes it bulky, which is why it's only used for small caches.

DRAM, on the other hand, has a much smaller size per bit, using only a single transistor paired with a capacitor. These capacitors lose their stored charge over time; when they're depleted, the DRAM no longer retains the value it was supposed to remember. To handle this, the DRAM is refreshed multiple times per second to top up the capacitors and rewrite the values being stored. This rewriting is what makes DRAM "dynamic." It's not just the power that needs to be maintained for DRAM; the refreshes also need to occur.

Category: Hacking & Security

ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery

Threatpost - 13 September, 2018 - 21:26
The second-most popular delivery method is CVE-2017-11882, a patched Microsoft vulnerability that allows the attacker to perform arbitrary code-execution.
Category: Hacking & Security