Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge

The Hacker News - 9 September 2021 - 10:28
There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety. Software is all around us, and it’s very easy to forget just how much we’re relying on lines of code
Category: Hacking & Security

Hackers Leak VPN Account Passwords From 87,000 Fortinet FortiGate Devices

The Hacker News - 9 September 2021 - 09:33
Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices. "These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain
Category: Hacking & Security

CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability

The Hacker News - 9 September 2021 - 07:45
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild. The flaw, tracked as CVE-2021-40539, concerns a REST API authentication bypass that could lead to arbitrary remote code execution (RCE). ADSelfService Plus
Category: Hacking & Security

What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast

Threatpost - 8 September 2021 - 23:14
There are a lot of "tells" that the ransomware group doesn't understand how negotiators work, despite threatening to dox data if victims call for help.
Category: Hacking & Security

Tooling Network Detection & Response for Ransomware

Threatpost - 8 September 2021 - 21:00
Justin Jett, director of audit and compliance at Plixer, discusses how to effectively use network flow data in the fight against ransomware.
Category: Hacking & Security

Windows zero-day MSHTML attack – how not to get booby trapped!

Sophos Naked Security - 8 September 2021 - 20:40
Zero-day bug in MSHTML, the "mini-Internet Explorer" component of Windows, triggered by booby trapped Office files.

Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports

Threatpost - 8 September 2021 - 19:28
Australian immunization app bug lets attackers fake vaccine status.
Category: Hacking & Security

TeamTNT’s New Tools Target Multiple OS

Threatpost - 8 September 2021 - 19:03
The attackers are indiscriminately striking thousands of victims worldwide with their new “Chimaera” campaign.
Category: Hacking & Security

HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack

LinuxSecurity.com - 8 September 2021 - 14:46
A critical security vulnerability (CVE-2021-40346) has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. HAProxy has released an upgrade remediating the weakness by adding size checks for the name and value lengths.
Category: Hacking & Security

3 Ways to Secure SAP SuccessFactors and Stay Compliant

The Hacker News - 8 September 2021 - 14:38
The work-from-anywhere economy has opened up the possibility for your human resources team to source the best talent from anywhere. To scale their operations, organizations are leveraging the cloud to accelerate essential HR functions such as recruiting, onboarding, evaluating, and more. SAP is leading this HR transformation with its human capital management (HCM) solution, SAP SuccessFactors.
Category: Hacking & Security

HAProxy Found Vulnerable to Critical HTTP Request Smuggling Attack

The Hacker News - 8 September 2021 - 14:33
A critical security vulnerability has been disclosed in HAProxy, a widely used open-source load balancer and proxy server, that could be abused by an adversary to possibly smuggle HTTP requests, resulting in unauthorized access to sensitive data and execution of arbitrary commands, effectively opening the door to an array of attacks. Tracked as CVE-2021-40346, the Integer Overflow vulnerability
Category: Hacking & Security

Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows

Threatpost - 8 September 2021 - 14:24
Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files.
Category: Hacking & Security

Experts Uncover Mobile Spyware Attacks Targeting Kurdish Ethnic Group

The Hacker News - 8 September 2021 - 14:13
Cybersecurity researchers on Tuesday released new findings that reveal a year-long mobile espionage campaign against the Kurdish ethnic group to deploy two Android backdoors that masquerade as legitimate apps. Active since at least March 2020, the attacks leveraged as many as six dedicated Facebook profiles that claimed to offer tech and pro-Kurd content — two aimed at Android users while the
Category: Hacking & Security

U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw

The Hacker News - 8 September 2021 - 14:12
The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system. "Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate," the Cyber National
Category: Hacking & Security

Beware of URL shorteners, they help spread malicious code

Novinky.cz - security - 8 September 2021 - 13:27
Spreading computer junk through spam and social networks is apparently no longer as effective as it used to be. That is most likely why hackers and pirates increasingly use URL shorteners for this purpose, trying to disguise malicious programs on fake websites.
Category: Hacking & Security

Best File and Disk Encryption Tools For Linux

LinuxSecurity.com - 8 September 2021 - 13:00
Most of us are familiar with Microsoft Windows or macOS - these OSes dominate the personal computing space. But the OS that is taking over the world isn't owned by Microsoft, Apple, or any tech company for that matter.
Category: Hacking & Security

[Ebook] The Guide for Speeding Time to Response for Lean IT Security Teams

The Hacker News - 8 September 2021 - 09:27
Most cyber security today involves much more planning, and much less reacting than in the past. Security teams spend most of their time preparing their organizations' defenses and doing operational work. Even so, teams often must quickly spring into action to respond to an attack. Security teams with copious resources can quickly shift between these two modes. They have enough resources to
Category: Hacking & Security

New 0-Day Attack Targeting Windows Users With Microsoft Office Documents

The Hacker News - 8 September 2021 - 06:55
Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in
Category: Hacking & Security

Ragnar Locker Gang Warns Victims Not to Call the FBI

Threatpost - 8 September 2021 - 00:41
Investigators/the FBI/ransomware negotiators just screw everything up, the ransomware gang said, threatening to publish files if victims look for help.
Category: Hacking & Security

Netgear Smart Switches Open to Complete Takeover

Threatpost - 7 September 2021 - 22:39
The Demon's Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks.
Category: Hacking & Security