Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

The Hacker News - 18 Březen, 2024 - 18:56
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as Kimsuky. "The malware payloads used in the DEEP#GOSU represent a Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

The Hacker News - 18 Březen, 2024 - 13:58
Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

The Hacker News - 18 Březen, 2024 - 13:35
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

The Hacker News - 18 Březen, 2024 - 10:46
WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system and discovered by Stiofan. It impacts the following versions of the two plugins - Malware Scanner (Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme

The Hacker News - 18 Březen, 2024 - 06:59
The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Severe X.Org Memory Safety, Code Execution Vulns Fixed

LinuxSecurity.com - 17 Březen, 2024 - 12:00
After recent heap overflow, out-of-bounds write, and privilege escalation flaws brought X.Org into the spotlight, more severe memory safety and code execution vulnerabilities have been identified in the popular X server. These issues affect the X.Org X11 server.
Kategorie: Hacking & Security

Multiple Chromium DoS, Info Disclosure Vulns Fixed

LinuxSecurity.com - 17 Březen, 2024 - 12:00
Multiple severe security issues were discovered in Chromium before version 122.0.6261.128, which could result in arbitrary code execution, denial of service, or information disclosure. Let's examine these vulnerabilities, their impact, and how to protect against them.
Kategorie: Hacking & Security

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer

The Hacker News - 16 Březen, 2024 - 13:31
Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by the Microsoft-owned subsidiary. "The repositories look Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

GhostRace – New Data Leak Vulnerability Affects Modern CPUs

The Hacker News - 15 Březen, 2024 - 18:46
A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions. "All the common synchronization primitives implemented Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Third-Party ChatGPT Plugins Could Lead to Account Takeovers

The Hacker News - 15 Březen, 2024 - 12:34
Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to new research published by Salt Labs, security flaws found directly in ChatGPT and within the ecosystem could allow attackers to install malicious plugins without users' consent Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

New GhostRace Attack Impacts Major CPU, Software Vendors

LinuxSecurity.com - 15 Březen, 2024 - 12:00
A new data leakage attack called GhostRace ( CVE-2024-2193 ) was recently discovered. It affects major CPU manufacturers and widely used software. This critical analysis will investigate the implications of this attack and discuss its significance for Linux admins, infosec professionals, and Internet security enthusiasts.
Kategorie: Hacking & Security

Open Source is Not Insecure, Despite Common Misconceptions

LinuxSecurity.com - 15 Březen, 2024 - 12:00
A common misconception is that open-source software is less secure than proprietary software. To help dispel this myth, we'll highlight the benefits of open-source software in terms of security and show that the trust placed in the open-source community is well-founded.
Kategorie: Hacking & Security

Google Introduces Enhanced Real-Time URL Protection for Chrome Users

The Hacker News - 15 Březen, 2024 - 08:50
Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. “The Standard protection mode for Chrome on desktop and iOS will check sites against Google’s server-side list of known bad sites in real-time,” Google’s Jonathan Li and Jasika Bawa said. “If we Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers

The Hacker News - 15 Březen, 2024 - 07:18
Chinese users looking for legitimate software such as Notepad++ and VNote on search engines like Baidu are being targeted with malicious ads and bogus links to distribute trojanized versions of the software and ultimately deploy Geacon, a Golang-based implementation of Cobalt Strike. “The malicious site found in the notepad++ search is distributed through an advertisement block,” Kaspersky Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

The Hacker News - 14 Březen, 2024 - 14:47
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit
Kategorie: Hacking & Security

LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

The Hacker News - 14 Březen, 2024 - 14:47
A 34-year-old Russian-Canadian national has been sentenced to nearly four years in jail in Canada for his participation in the LockBit global ransomware operation. Mikhail Vasiliev, an Ontario resident, was originally arrested in November 2022 and charged by the U.S. Department of Justice (DoJ) with "conspiring with others to intentionally damage protected computers and to transmit Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

The Hacker News - 14 Březen, 2024 - 12:59
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled said. “To exploit
Kategorie: Hacking & Security

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

The Hacker News - 14 Březen, 2024 - 12:59
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled said. “To exploit Newsroomhttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security

3 Things CISOs Achieve with Cato

The Hacker News - 14 Březen, 2024 - 11:24
Being a CISO is a balancing act: ensuring organizations are secure without compromising users’ productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the Cato SASE Cloud platform to balance these factors without compromise. This article details how CISOs are
Kategorie: Hacking & Security

3 Things CISOs Achieve with Cato

The Hacker News - 14 Březen, 2024 - 11:24
Being a CISO is a balancing act: ensuring organizations are secure without compromising users’ productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the Cato SASE Cloud platform to balance these factors without compromise. This article details how CISOs are The Hacker Newshttp://www.blogger.com/profile/[email protected]
Kategorie: Hacking & Security
Syndikovat obsah