Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Mobilního ransomwaru dramaticky přibylo, varovali bezpečnostní experti

Novinky.cz - bezpečnost - 5 hodin 6 min zpět
Vyděračské viry, které jsou označovány souhrnným názvem ransomware, dokážou pěkně potrápit majitele klasických počítačů. Stejnou neplechu ale dokážou udělat tito nezvaní návštěvníci také ve smartphonech a tabletech. A právě na mobilní zařízení se zaměřují kyberzločinci stále častěji, jak upozornili bezpečnostní experti antivirové společnosti Kaspersky Lab.
Kategorie: Hacking & Security

Russian Hackers Made 'Tainted Leaks' a Thing — Phishing to Propaganda

The Hacker News - 6 hodin 53 min zpět
We came across so many revelations of sensitive government and corporate data on the Internet these days, but what's the accuracy of that information leaked by unknown actors? How much real are that information that you completely trust upon? Security researchers have discovered new evidence of one such sophisticated global espionage and disinformation campaign with suspected ties to the
Kategorie: Hacking & Security

Nový způsob ovládnutí Androidu zmate i zkušené uživatele

Zive.cz - bezpečnost - 8 hodin 18 min zpět
Výzkumníci z atlantské univerzity Georgia Institute of Technology úspěšně demonstrovali nový způsob útoku, jakým lze zcela ovládnout libovolné zařízení s operačním systémem Android 5.1.1 Lollipop nebo novějším. Tématu se věnoval web XDA Developers. Koncept dostal název Cloak and Dagger. Pro ...
Kategorie: Hacking & Security

Microsoft Quietly Patches Another Critical Malware Protection Engine Flaw

Threatpost - 28 Květen, 2017 - 12:00
Microsoft quietly patched a critical vulnerability found by Google's Project Zero team in the Malware Protection Engine.
Kategorie: Hacking & Security

Radio-controlled pacemakers aren’t as hard to hack as you (may) think

Ars Technica - 26 Květen, 2017 - 19:55

Enlarge (credit: US Food and Drug Administration)

Pacemakers are devices that are implanted in the chest or abdomen to control life-threatening heartbeat abnormalities. Once they're in place, doctors use radio signals to adjust the pacemakers so that additional major surgeries aren't required. A study recently found that pacemakers from the four major manufacturers contain security weaknesses that make it possible for the devices to be stopped or adjusted in ways that could have dire effects on patients.

Chief among the concerns: radio frequency-enabled pacemaker programmers don't authenticate themselves to the implanted cardiac devices, making it possible for someone to remotely tamper with them.

"Any pacemaker programmer can reprogram any pacemaker from the same manufacturer," researchers from medical device security consultancy WhiteScope wrote in a summary of their findings. "This shows one of the areas where patient care influenced cybersecurity posture."

Read 4 remaining paragraphs | Comments

Kategorie: Hacking & Security

Crysis ransomware master keys posted to Pastebin

Sophos Naked Security - 26 Květen, 2017 - 19:26
Why would someone release the keys to victims? Who knows, but as the poster who uploaded them says, 'Enjoy!'

Mark Dowd on Exploit Mitigation Development

Threatpost - 26 Květen, 2017 - 18:00
Mark Dowd discusses why certain exploit mitigations have been so successful in driving up the cost of exploit development for attackers.
Kategorie: Hacking & Security

Trump has an iPhone with one app: Twitter

Ars Technica - 26 Květen, 2017 - 17:10

Enlarge (credit: Andrew Harrer/Bloomberg via Getty Images)

Early in March, President Donald Trump surrendered his personal Android phone—the phone from which scores of controversial Twitter posts had been launched. Based on Twitter metadata, Trump retired the Android device after expressing outrage over the DNC's failure to let the FBI search its servers and taunting Arnold Schwarzenegger on March 5. The next day, he replaced it with an iPhone.

According to a report from Axios' Mike Allen, Twitter is the only application running on Trump's new iPhone. And on his current overseas trip, staff have tried to limit his screen time in order to reduce the volume of his 140-character missives, Allen wrote:

Read 2 remaining paragraphs | Comments

Kategorie: Hacking & Security

Pacemaker Ecosystem Fails its Cybersecurity Checkup

Threatpost - 26 Květen, 2017 - 17:00
Pacemakers and pacemaker programmers lack authentication and are plagued with thousands of software vulnerabilities across leading manufacturers.
Kategorie: Hacking & Security

Threatpost News Wrap, May 26, 2017

Threatpost - 26 Květen, 2017 - 16:00
Mike Mimoso and Chris Brook recap the news of the week, including the EternalRocks worm, the latest on WannaCry, a subtitle hack, and a Twitter flaw.
Kategorie: Hacking & Security

Microsoft koupil za 100 milionů dolarů startup Hexadite, který se zaměřuje na kyberbezpečnost

Zive.cz - bezpečnost - 26 Květen, 2017 - 14:30
Microsoft začátkem roku oznámil, že plánuje i nadále investovat a kupovat společnosti z oblasti kyberbezpečnosti a má na to vyhrazeno přibližně miliardu dolarů ročně. Jednou z nových akvizic je startup Hexadite. Hexadite se specializuje na vývoj technologií v oblasti detekce a varování při ...
Kategorie: Hacking & Security

Top 7 Ways to Use Wi-Fi Hotspots Safely

InfoSec Institute Resources - 26 Květen, 2017 - 14:00

Often we find ourselves away from home with no internet connection; however, there are likely public Wi-Fi hotspots in the area that could be utilized. While it may be tempting to connect to the first hotspot that is not password protected, doing so can cause harm to privacy, and risk doing infecting your computer, cell […]

The post Top 7 Ways to Use Wi-Fi Hotspots Safely appeared first on InfoSec Resources.

Kategorie: Hacking & Security

How to build your own VPN if you’re (rightfully) wary of commercial options

Ars Technica - 26 Květen, 2017 - 14:00

Enlarge (credit: Aurich / Thinkstock)

In the wake of this spring's Senate ruling nixing FCC privacy regulations imposed on ISPs, you may be (even more) worried about how your data is used, misused, and abused. There have been a lot of opinions on this topic since, ranging from "the sky is falling" to "move along, citizen, nothing to see here." The fact is, ISPs tend to be pretty unscrupulous, sometimes even ruthless, about how they gather and use their customers' data. You may not be sure how it's a problem if your ISP gives advertisers more info to serve ads you'd like to see—but what about when your ISP literally edits your HTTP traffic, inserting more ads and possibly breaking webpages?

With a Congress that has demonstrated its lack of interest in protecting you from your ISP, and ISPs that have repeatedly demonstrated a "whatever-we-can-get-away-with" attitude toward customers' data privacy and integrity, it may be time to look into how to get your data out from under your ISP's prying eyes and grubby fingers intact. To do that, you'll need a VPN.

The scope of the problem (and of the solution)

Before you can fix this problem, you need to understand it. That means knowing what your ISP can (and cannot) detect (and modify) in your traffic. HTTPS traffic is already relatively secure—or, at least, its content is. Your ISP can't actually read the encrypted traffic that goes between you and an HTTPS website (at least, they can't unless they convince you to install a MITM certificate, like Lenovo did to unsuspecting users of its consumer laptops in 2015). However, ISPs do know that you visited that website, when you visited it, how long you stayed there, and how much data went back and forth.

Read 81 remaining paragraphs | Comments

Kategorie: Hacking & Security

Rash Of Phishing Attacks Use HTTPS To Con Victims

Threatpost - 26 Květen, 2017 - 14:00
Phishing sites are deploying freely available TLS certificates in order to dupe victims into thinking they're visiting a safe site.
Kategorie: Hacking & Security

How is AI Addressing Cyber Security Challenges?

InfoSec Institute Resources - 26 Květen, 2017 - 14:00

Cyber-attackers are moving towards automation to launch cyber-attacks more frequently, while many organizations are still using manual systems and strategies to analyze security findings and contextualizing them with external threat information. Using such outdated strategies and methods, it can take weeks or months to identify intrusions, during which time attackers can successfully exploit vulnerabilities to […]

The post How is AI Addressing Cyber Security Challenges? appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Security Risks of Smart E-cigarettes

InfoSec Institute Resources - 26 Květen, 2017 - 14:00

Section 1. Introduction An increasing number of household devices become electronically interconnected. In addition to smartphones, tablets, fridges, smart TVs and other IoT devices, items for personal use, such cigarettes, also become technologically smarter. The trend of e-smoking started in the early 2000s when the first patent for an e-cigarette was filed. Statistics demonstrate that, […]

The post Security Risks of Smart E-cigarettes appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Positive Technologies expert helps to fix vulnerability in Viber for Windows

Positive Research Center - 26 Květen, 2017 - 13:54

Viber has fixed a vulnerability in the company's Windows client found by a group of security experts, which included a Positive Technologies researcher. This security bug enabled attackers to steal data needed for user authentication in Windows. Users urged to update to Viber version 6.7.2

"In essence, when a link resembling http://host/img.jpg is sent during a chat, Viber would first load it as the client who sent the link. If a picture is hosted at the indicated URL, then Viber would try to download it as the receiving client. This scheme would work only if the initiating client confirmed the presence of a picture at that URL," explained Timur Yunusov, Head of the Banking Security Unit at Positive Technologies.
If the server sent a 401 "authentication required" message (instead of a picture) in response to the second request and then asked for NTLM authentication, Viber would send the user's NTLM hash.

In addition, the vulnerability made it possible to force the client to send arbitrary GET requests. This attack could, for example, be used to reprogram home routers and other devices.

"This vulnerability could be used only by an attacker whose mobile phone number was saved in the user's contact list. Therefore no mass attack on Windows users was possible. We also note that a successful attack generally required performing a whole series of GET requests, meaning that the attacker would need to send multiple links to a potential victim," commented the Viber press service. "Around six percent of our active users in Russia have used the Windows client at least once in the last month to send a message, perform calls, or view public chats."

The vulnerability in the Viber client for Windows has been fixed as of Viber version 6.7.2, which is currently available for download.

Samba exploit – not quite WannaCry for Linux, but patch anyway!

Sophos Naked Security - 26 Květen, 2017 - 13:35
SMB is the Windows networking protocol, so SMB security holes like the one that led to WannaCry can't happen on Linux/Unix, right? Wrong!

Campaigners demand halt to Vermont’s use of facial recognition

Sophos Naked Security - 26 Květen, 2017 - 13:05
Despite use of facial recognition being banned under state law, Vermont's DMV is 'overstepping' the legislation, say campaigners
Syndikovat obsah