Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


Energy Sector Phish Swims Past Microsoft Email Security via Google Drive

Threatpost - 15 August, 2019 - 20:49
The savvy technique of avoiding malicious links in the email allowed the phishing attack to reach its targets.
Category: Hacking & Security

Apache Security Advisories Red Flag Wrong Versions in Patching Gaffe

Threatpost - 15 August, 2019 - 20:41
Up to 24 Apache Struts Security Advisories listed the wrong versions that were impacted by vulnerabilities, researchers warn.
Category: Hacking & Security

Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows

The Hacker News - 15 August, 2019 - 19:16
Update — With this month's patch Tuesday updates, Microsoft has finally addressed this vulnerability, tracked as CVE-2019-1162, by correcting how the Windows operating system handles calls to Advanced Local Procedure Call (ALPC). A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back
Category: Hacking & Security

Choice Hotels Breach Showcases Need for Shared Responsibility Model

Threatpost - 15 August, 2019 - 19:04
700,000 customer records were exposed after being housed on a vendor's server that lacked appropriate security.
Category: Hacking & Security

Clickjacking Evolves to Hook Millions of Top-Site Visitors

Threatpost - 15 August, 2019 - 18:16
Researchers said that clickjacking is a threat that's evolving, with new tactics just starting to emerge.
Category: Hacking & Security

Firefox fixes “master password” security bypass bug

Sophos Naked Security - 15 August, 2019 - 18:11
The bug's in Firefox, but our advice is worth reading whether you use Firefox or not.

About Infosec

InfoSec Institute Resources - 15 August, 2019 - 18:00

At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people […]

The post About Infosec appeared first on Infosec Resources.

About Infosec was first posted on August 15, 2019 at 11:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

S2 Ep4: iPhone holes, Android malware and romance scams – Naked Security Podcast

Sophos Naked Security - 15 August, 2019 - 15:12
Episode 4 of the Naked Security Podcast is now live - listen now!

Serious flaws in six printer brands discovered, fixed

Sophos Naked Security - 15 August, 2019 - 15:03
There are many ways to compromise company data, but IT teams often overlook one of the most serious: the humble printer.

CySA+ jobs outlook

InfoSec Institute Resources - 15 August, 2019 - 15:03

Introduction In the cybersecurity field, certifications go a long way. Not only do they teach you the skills and knowledge you need to succeed in various career pathways, but they also net you a higher salary. Plus, when it comes time to apply for a new job or promotion, your certification will put you a […]

The post CySA+ jobs outlook appeared first on Infosec Resources.

CySA+ jobs outlook was first posted on August 15, 2019 at 8:03 am.
Category: Hacking & Security

CySA+: IA levels

InfoSec Institute Resources - 15 August, 2019 - 15:01

Introduction: What is the DoD’s actual cyber-strategy? In order to execute the national cyber-strategy, the U.S. Department of Defense (DoD) is striving to make its operatives more skilled with specialized training opportunities and by increasing efficiency in recruitment and in the hiring and training of personnel in information assurance (IA) duties. The Information Assurance Workforce […]

The post CySA+: IA levels appeared first on Infosec Resources.

CySA+: IA levels was first posted on August 15, 2019 at 8:01 am.
Category: Hacking & Security

CySA+: Increasing the organization’s credibility

InfoSec Institute Resources - 15 August, 2019 - 15:00

Introduction Hiring information security professionals with the right credentials is a priority for most all organizations these days. With all that can go wrong, from cyberattacks to insider threats, organizations have a strong interest in stamping out these potential threats to their business.  Hiring information security professionals that hold a CySA+ certification is a move […]

The post CySA+: Increasing the organization’s credibility appeared first on Infosec Resources.

CySA+: Increasing the organization’s credibility was first posted on August 15, 2019 at 8:00 am.
Category: Hacking & Security

Assembly Basics

InfoSec Institute Resources - 15 August, 2019 - 15:00

Introduction This article gives details about assembly programming for the Intel 8086 microprocessor. It also presents very clear details by providing example cases, definitions and syntax explanations on arithmetic instructions, logical instructions and operands. Why study this topic? It’s important to understand the basic concepts of computer architecture, chip logic and memory management. People dealing […]

The post Assembly Basics appeared first on Infosec Resources.

Assembly Basics was first posted on August 15, 2019 at 8:00 am.
Category: Hacking & Security

New Research: Lessons from Password Checkup in action

Google Security Blog - 15 August, 2019 - 14:00
Posted by Jennifer Pullman, Kurt Thomas, and Elie Bursztein, Spam and Abuse research

Back in February, we announced the Password Checkup extension for Chrome to help keep all your online accounts safe from hijacking. The extension displays a warning whenever you sign in to a site using one of over 4 billion usernames and passwords that Google knows to be unsafe due to a third-party data breach. Since our launch, over 650,000 people have participated in our early experiment. In the first month alone, we scanned 21 million usernames and passwords and flagged over 316,000 as unsafe (1.5% of sign-ins scanned by the extension).
Today, we are sharing our most recent lessons from the launch and announcing an updated set of features for the Password Checkup extension. Our full research study, available here, will be presented this week as part of the USENIX Security Symposium.

Which accounts are most at risk?

Hijackers routinely attempt to sign in to sites across the web with every credential exposed by a third-party breach. If you use strong, unique passwords for all your accounts, this risk disappears. Based on anonymous telemetry reported by the Password Checkup extension, we found that users reused breached, unsafe credentials for some of their most sensitive financial, government, and email accounts. This risk was even more prevalent on shopping sites (where users may save credit card details), news, and entertainment sites.

In fact, outside the most popular web sites, users are 2.5X more likely to reuse vulnerable passwords, putting their account at risk of hijacking.
Anonymous telemetry reported by Password Checkup extension shows that users most often reuse vulnerable passwords on shopping, news, and entertainment sites.

Helping users re-secure their unsafe passwords

Our research shows that users opt to reset 26% of the unsafe passwords flagged by the Password Checkup extension. Even better, 60% of new passwords are secure against guessing attacks—meaning it would take an attacker over a hundred million guesses before identifying the new password.

Improving the Password Checkup extension

Today, we are also releasing two new features for the Password Checkup extension. The first is a direct feedback mechanism where users can inform us about any issues that they are facing via a quick comment box. The second gives users even more control over their data. It allows users to opt out of the anonymous telemetry that the extension reports, including the number of lookups that surface an unsafe credential, whether an alert leads to a password change, and the domain involved for improving site coverage. By design, the Password Checkup extension ensures that Google never learns your username or password, regardless of whether you enable telemetry, but we still want to provide this option if users would prefer not to share this information.


We're continuing to improve the Password Checkup extension and exploring ways to implement its technology into Google products. For help keeping all your online accounts safe from hijacking, you can install the Password Checkup extension here today.
Category: Hacking & Security

Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online

The Hacker News - 15 August, 2019 - 13:08
In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads. Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other than the one you are browsing, which allows companies including Google and Facebook to fingerprint
Category: Hacking & Security

‘NULL’ license plate gets security researcher $12K in tickets

Sophos Naked Security - 15 August, 2019 - 12:58
The vanity plate sounded good in theory: maybe it would make his plate invisible to ALPR systems?!

Hacking forum spills rival's 321,000 member database

LinuxSecurity.com - 15 August, 2019 - 12:42
Have you heard about the recent leak affecting the hacking forum Cracked.to? Last Friday the forum's database of 321,000 members and 749,161 unique email addresses was leaked on rival site, RaidForums. Learn the details in this interesting article:
Category: Hacking & Security

Hacking forum spills rival’s 321,000 member database

Sophos Naked Security - 15 August, 2019 - 12:41
When users of hacking forums turn on each other, expect things to get messy quickly.

Facebook got humans to listen in on some Messenger voice chats

Sophos Naked Security - 15 August, 2019 - 12:15
Facebook says it's paused the practice of collecting voice clips and sending them to employees to transcribe and analyze.

Beware of fingerprints: a huge database of them was circulating on the web

Zive.cz - security - 15 August, 2019 - 10:45
Suprema, a South Korean maker of enterprise security systems, has a serious problem. Someone made data from its biometric service BioStar 2 accessible on the web; the service is used by companies around the world, including various banks and the British police. The leaked data was discovered by Israeli researchers ...
Category: Hacking & Security