Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages

The Hacker News - 14 Únor, 2024 - 14:26
Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system. "While 'command-not-found' serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

The Hacker News - 14 Únor, 2024 - 12:23
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more
Kategorie: Hacking & Security

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

The Hacker News - 14 Únor, 2024 - 12:23
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

The Hacker News - 14 Únor, 2024 - 12:18
The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs. "The URLs led to a Word file with names such as "
Kategorie: Hacking & Security

Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

The Hacker News - 14 Únor, 2024 - 12:18
The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs. "The URLs led to a Word file with names such as "Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

The Hacker News - 14 Únor, 2024 - 08:33
A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of CVE-2024-21412, a security bypass vulnerability related to Internet
Kategorie: Hacking & Security

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

The Hacker News - 14 Únor, 2024 - 08:33
A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of CVE-2024-21412, a security bypass vulnerability related to Internet Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

The Hacker News - 14 Únor, 2024 - 06:01
Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition to 24 flaws that have been fixed
Kategorie: Hacking & Security

Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

The Hacker News - 14 Únor, 2024 - 06:01
Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition to 24 flaws that have been fixedNewsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

How eBPF Can Help IT Teams Improve Security & Observability

LinuxSecurity.com - 13 Únor, 2024 - 23:26
There are various advantages of using Extended Berkeley Packet Filter (eBPF) , a Linux kernel technology, to enhance observability and improve security in IT operations. Efficient data collection is critical, and traditional observability tools are limited in this regard.
Kategorie: Hacking & Security

Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit

The Hacker News - 13 Únor, 2024 - 15:37
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that can be extremely difficult to
Kategorie: Hacking & Security

Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit

The Hacker News - 13 Únor, 2024 - 15:37
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that can be extremely difficult to Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

PikaBot Resurfaces with Streamlined Code and Deceptive Tactics

The Hacker News - 13 Únor, 2024 - 15:07
The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of "devolution." "Although it appears to be in a new development cycle and testing phase, the developers have reduced the complexity of the code by removing advanced obfuscation techniques and changing the network communications," Zscaler ThreatLabz researcher Nikolaos
Kategorie: Hacking & Security

PikaBot Resurfaces with Streamlined Code and Deceptive Tactics

The Hacker News - 13 Únor, 2024 - 15:07
The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of "devolution." "Although it appears to be in a new development cycle and testing phase, the developers have reduced the complexity of the code by removing advanced obfuscation techniques and changing the network communications," Zscaler ThreatLabz researcher Nikolaos Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Hacker za pár sekund překonal šifrování BitLocker. Stačila mu upravená destička Raspberry Pi Pico

Zive.cz - bezpečnost - 13 Únor, 2024 - 13:45
Technologie BitLocker se už roky stará o šifrování disků na počítačích s Windows, ani ta však neodolá hackerům. Bezpečnostní expert Stacksmashing se na YouTube pochlubil, že mu k prolomení stačilo jen pár desítek sekund a prototypovací destička Raspberry Pi Pico za stovku. Raspberry Pi v ...
Kategorie: Hacking & Security

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

The Hacker News - 13 Únor, 2024 - 12:10
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and
Kategorie: Hacking & Security

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

The Hacker News - 13 Únor, 2024 - 12:10
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures

The Hacker News - 13 Únor, 2024 - 08:03
Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices. That's according to findings from Orange Cyberdefense, which said it observed the exploitation of CVE-2024-21893 within hours of the public release of the proof-the-concept (PoC) code.
Kategorie: Hacking & Security

Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures

The Hacker News - 13 Únor, 2024 - 08:03
Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices. That's according to findings from Orange Cyberdefense, which said it observed the exploitation of CVE-2024-21893 within hours of the public release of the proof-the-concept (PoC) code. Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now

The Hacker News - 13 Únor, 2024 - 05:51
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of
Kategorie: Hacking & Security
Syndikovat obsah