Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

Google added Assistant support to Nest Security. But nobody knew the device had a microphone

Zive.cz - security - 20 February, 2019 - 17:38
Google introduced the Nest Security System in 2017; it is used to guard the home. In February the company released an update for Nest Guard that turns it into a smart speaker, with Google Assistant landing inside. The catch is that nobody knew the device also contained a microphone. This was reported by Business ...
Category: Hacking & Security

Microsoft: Russia’s Fancy Bear Working to Influence EU Elections

Threatpost - 20 February, 2019 - 17:16
As hundreds of millions of Europeans prepare to go to the polls in May, Fancy Bear ramps up cyber-espionage and disinformation efforts.
Category: Hacking & Security

The Not-So-Black-and-White of Grayware

InfoSec Institute Resources - 20 February, 2019 - 16:01

We hear a lot about malware, and fair enough — malware is behind some of the world’s largest data breaches. However, malware has a cousin. This cousin is known as grayware. Grayware, as the name suggests, sits somewhere in the middle between purposely malicious and not. At best, this software is annoying; at worst, it […]

The Not-So-Black-and-White of Grayware was first posted on February 20, 2019 at 9:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

Exploring Commonly-Used Yet Vulnerable Components

InfoSec Institute Resources - 20 February, 2019 - 15:59

Introduction In this article, we will explore some technologies that are commonly used today despite being known to be vulnerable. We’ll discuss why these technologies are considered vulnerable, and if available, which of their alternatives can best be used as secure replacements. It is estimated that today, over 80% of the software in use has […]

Exploring Commonly-Used Yet Vulnerable Components was first posted on February 20, 2019 at 8:59 am.
Category: Hacking & Security

Thousands of Spotify login credentials leaked. Czechs are among those affected

Zive.cz - security - 20 February, 2019 - 14:55
The music service Spotify is facing a leak of login credentials. The website HaveIBeenPwned.com, which monitors data leaks, notified its users by e-mail overnight that a freely accessible database of login credentials had appeared on the internet. The passwords with e-mail addresses were displayed on the page ...
Category: Hacking & Security

Ep. 020 – Leaky containers, careless coders and risky USB cables [PODCAST]

Sophos Naked Security - 20 February, 2019 - 14:52
Here's the latest Naked Security podcast... enjoy!

Virus attack! Hackers unleash social media worm after bug report ignored

Sophos Naked Security - 20 February, 2019 - 14:24
Is it ok to launch a benign proof of concept that you know will go wide, to bring a flaw to people's attention, or should you stay quiet?

We took money from your card, scammers try to frighten the gullible

Novinky.cz - security - 20 February, 2019 - 12:27
After several weeks, scammers posing as employees of Apple have dusted off the fake-invoice trick. They try to scare gullible recipients by claiming that money has been charged to their payment card. In reality, however, they are trying to lure login credentials for Apple accounts out of the recipients of the fraudulent e-mails, after which they can actually rob them of money.
Category: Hacking & Security

Facebook tracks users it thinks may harm its employees

Sophos Naked Security - 20 February, 2019 - 12:17
Threat makers are sometimes geolocated to determine how credible their threats are, as in, are they near enough to really attack?

Google’s working on stopping sites from blocking Incognito mode

Sophos Naked Security - 20 February, 2019 - 11:49
Google Chrome's Incognito mode hasn't been an impenetrable privacy shield: For years, it's been a snap for web developers to detect when Chrome users are browsing in private mode and to block site visitors who use it. Now it looks like Google plans to close that loophole.

Microsoft to Kill Updates for Legacy OS Using SHA-1

Threatpost - 19 February, 2019 - 23:36
Windows 7 and Windows Server 2008 users are being asked to upgrade their encryption support.
Category: Hacking & Security

ThreatList: APT Adversaries Up the Ante on Speed, Target Telecom

Threatpost - 19 February, 2019 - 23:07
Russia-linked actors need just 18 minutes to go from compromise to lateral movement.
Category: Hacking & Security

Critical Flaw Uncovered In WordPress That Remained Unpatched for 6 Years

The Hacker News - 19 February, 2019 - 20:45
Exclusive — If you have not updated your website to the latest WordPress version 5.0.3, it’s a brilliant idea to upgrade the content management software of your site now. From now, I mean immediately. Cybersecurity researchers at RIPS Technologies GmbH today shared their latest research with The Hacker News, revealing the existence of a critical remote code execution vulnerability that
Category: Hacking & Security

New GandCrab Decryptor Unlocks Files of Updated Ransomware

Threatpost - 19 February, 2019 - 20:00
This is the third update to the prolific GandCrab malware within the past year.
Category: Hacking & Security

ATM Jackpotting Malware Hones Its Heist Tools

Threatpost - 19 February, 2019 - 18:23
The WinPot malware takes its cues from slot machines.
Category: Hacking & Security

Mandatory update coming to Windows 7, 2008 to kill off weak update hashes

Ars Technica - 19 February, 2019 - 18:10

Windows 7 and Windows Server 2008 users will imminently have to deploy a mandatory patch if they want to continue updating their systems, as spotted by Mary Jo Foley.

Currently, Microsoft's Windows updates use two different hashing algorithms to enable Windows to detect tampering or modification of the update files: SHA-1 and SHA-2. Windows 7 and Server 2008 verify the SHA-1 patches; Windows 8 and newer use the SHA-2 hashes instead. March's Patch Tuesday will include a standalone update for Windows 7, Windows Server 2008 R2, and WSUS to provide support for patches hashed with SHA-2. April's Patch Tuesday will include an equivalent update for Windows Server 2008.

The SHA-1 algorithm, first published in 1995, takes some input and produces a value known as a hash or a digest that's 20 bytes long. By design, any small change to the input should produce, with high probability, a wildly different hash value. SHA-1 is no longer considered to be secure, as well-funded organizations have managed to generate hash collisions—two different files that nonetheless have the same SHA-1 hash. If a collision could be generated for a Windows update, it would be possible for an attacker to produce a malicious update that nonetheless appeared to the system to have been produced by Microsoft and not subsequently altered.

Category: Hacking & Security

Facebook flaw could have allowed an attacker to hijack accounts

Sophos Naked Security - 19 February, 2019 - 17:59
The CSRF bypass flaw has now been fixed, and the researcher who discovered it has netted $25,000.

Quick and Dirty BurpSuite Tutorial (2019 Update)

InfoSec Institute Resources - 19 February, 2019 - 17:00

Introduction In this article we look at BurpSuite, a framework of tools that can be used during penetration testing. We’ll cover the latest release of BurpSuite, version 2.0, getting our hands dirty with the OWASP Juice Shop vulnerable Web application. Overview This article is intended for penetration testers and bug bounty hunters as well as […]

Quick and Dirty BurpSuite Tutorial (2019 Update) was first posted on February 19, 2019 at 10:00 am.
Category: Hacking & Security