Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Mladík dostal dva roky za kyberterorismus vůči USA

Novinky.cz - bezpečnost - 2 hodiny 17 min zpět
Ke dvěma rokům vězení byl tento týden v Británii odsouzen za závažné počítačové pirátství 18letý Kane Gamble. Ještě jako nezletilý se dokázal dostat do e-mailových a mobilních účtů významných činitelů amerických zpravodajských služeb a ministerstva spravedlnosti a některé utajované materiály, které přitom získal, předal dál.
Kategorie: Hacking & Security

How open source databases are sucking revenue out of legacy vendors' pockets

LinuxSecurity.com - 22 Duben, 2018 - 15:28
LinuxSecurity.com: A decade ago, it was a serious question whether open source databases were ready for mission-critical applications. The obvious response at the time was "no," with substantial evidence to back that claim. More recently, self-promoting vendors have continued to pitch the idea that proprietary databases "are the best fit for mission-critical applications," but the idea has lost credibility.
Kategorie: Hacking & Security

Apple continues open source campaign by releasing FoundationDB on GitHub

LinuxSecurity.com - 22 Duben, 2018 - 15:22
LinuxSecurity.com: Acquired by Apple in 2015, the FoundationDB database architecture has officially gone open source, the company announced today. It's the latest move by Apple to open more of its non-secret software initiatives to public contributions, following earlier moves with its Swift programming language, cryptographic libraries, and benchmarking tools.
Kategorie: Hacking & Security

Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data

The Hacker News - 21 Duben, 2018 - 16:05
Not just Facebook, a new vulnerability discovered in Linkedin's popular AutoFill functionality found leaking its users' sensitive information to third party websites without the user even knowing about it. LinkedIn provides an AutoFill plugin for a long time that other websites can use to let LinkedIn users quickly fill in profile data, including their full name, phone number, email address,
Kategorie: Hacking & Security

Cybercrime Economy Generates $1.5 Trillion a Year

LinuxSecurity.com - 21 Duben, 2018 - 12:33
LinuxSecurity.com: If cybercrime was a country, it would have the 13th highest GDP in the world. Attackers generate $1.5 trillion in annual profit, which is about equal to the GDP of Russia, according to a new study on the interconnected economy of cybercrime.
Kategorie: Hacking & Security

British Schoolboy Who Hacked CIA Director Gets 2-Year Prison Term

The Hacker News - 21 Duben, 2018 - 12:29
The British teenager who managed to hack into the online accounts of several high-profile US government employees sentenced to two years in prison on Friday. Kane Gamble, now 18, hacked into email accounts of former CIA director John Brennan, former Director of National Intelligence James Clapper, former FBI Deputy Director Mark Giuliano, and other senior FBI officials—all from his parent's
Kategorie: Hacking & Security

Email attacks continue to cause headaches for companies

LinuxSecurity.com - 21 Duben, 2018 - 12:23
LinuxSecurity.com: Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to a report by F-Secure.
Kategorie: Hacking & Security

Leveraging AI to protect our users and the web

Google Security Blog - 20 Duben, 2018 - 22:12
Posted by Elie Bursztein, Anti-Abuse Research Lead - Ian Goodfellow, Adversarial Machine Learning Research Lead

Recent advances in AI are transforming how we combat fraud and abuse and implement new security protections. These advances are critical to meeting our users’ expectations and keeping increasingly sophisticated attackers at bay, but they come with brand new challenges as well.

This week at RSA, we explored the intersection between AI, anti-abuse, and security in two talks.

Our first talk provided a concise overview of how we apply AI to fraud and abuse problems. The talk started by detailing the fundamental reasons why AI is key to building defenses that keep up with user expectations and combat increasingly sophisticated attacks. It then delved into the top 10 anti-abuse specific challenges encountered while applying AI to abuse fighting and how to overcome them. Check out the infographic at the end of the post for a quick overview of the challenges we covered during the talk.

Our second talk looked at attacks on ML models themselves and the ongoing effort to develop new defenses.

It covered attackers’ attempts to recover private training data, to introduce examples into the training set of a machine learning model to cause it to learn incorrect behaviors, to modify the input that a machine learning model receives at classification time to cause it to make a mistake, and more.

Our talk also looked at various defense solutions, including differential privacy, which provides a rigorous theoretical framework for preventing attackers from recovering private training data.

Hopefully you were to able to join us at RSA! But if not, here is re-recording and the slides of our first talk on applying AI to abuse-prevention, along with the slides from our second talk about protecting ML models.

Kategorie: Hacking & Security

CISSP: Development Environment Security Controls

InfoSec Institute Resources - 20 Duben, 2018 - 21:15

Introduction Cloud computing and mobile applications are radically changing the way we do business. Enterprises are building applications more rapidly than ever before, often using Agile development processes and then expanding their internal development programs with third-party software and open-source libraries and components that increase the overall threat exposure cumulatively. An application or software “vulnerability” […]

The post CISSP: Development Environment Security Controls appeared first on InfoSec Resources.

CISSP: Development Environment Security Controls was first posted on April 20, 2018 at 2:15 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

How To Become CISA Certified – Certification Requirements

InfoSec Institute Resources - 20 Duben, 2018 - 19:18

Introduction CISA certification is designed for professionals who want to showcase their knowledge and experience in information system (IS) control, assurance and security. This certification by ISACA is globally recognized and is considered to be the gold standard. Having a certification like CISA gives you all the credibility you need to move forward in your […]

The post How To Become CISA Certified – Certification Requirements appeared first on InfoSec Resources.

How To Become CISA Certified – Certification Requirements was first posted on April 20, 2018 at 12:18 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

Akamai CSO Talks Cryptominers, IoT and the Reemergence of Old Threats

Threatpost - 20 Duben, 2018 - 17:39
Andy Ellis, CSO Akamai, discusses how the company works with others within the cybersecurity landscape to help keep the internet safe.
Kategorie: Hacking & Security

Podcast: How Millions of Apps Leak Private Data

Threatpost - 20 Duben, 2018 - 17:24
Threatpost's Tom Spring talked to Roman Unuchek, senior malware analyst at Kaspersky Lab, about his discoveries this week at the RSA Conference.
Kategorie: Hacking & Security

HackerOne CEO Talks Bug Bounty Programs at RSA Conference

Threatpost - 20 Duben, 2018 - 15:03
Can bug bounty programs be designed to protect consumer privacy and how do programs balance white hat disclosure versus companies sitting on vulnerabilities until they are fixed?
Kategorie: Hacking & Security

RSA Conference has a leaky app… again!

Sophos Naked Security - 20 Duben, 2018 - 14:55
Cybersecurity conferences don't always practise what they preach.

Kingpin who made 100 million robocalls loses his voice

Sophos Naked Security - 20 Duben, 2018 - 14:45
The man behind a cacophony of robocalls had little to say for himself on Capitol Hill

Chrome anti-phishing protection… from Microsoft!

Sophos Naked Security - 20 Duben, 2018 - 14:30
If you can't beat 'em, join 'em.

Critical Unpatched RCE Flaw Disclosed in LG Network Storage Devices

The Hacker News - 20 Duben, 2018 - 14:22
If you have installed a network-attached storage device manufactured by LG Electronics, you should take it down immediately, read this article carefully and then take appropriate action to protect your sensitive data. A security researcher has revealed complete technical details of an unpatched critical remote command execution vulnerability in various LG NAS device models that could let
Kategorie: Hacking & Security

LinkedIn Fixes User Data Leak Bug

LinuxSecurity.com - 20 Duben, 2018 - 13:26
LinuxSecurity.com: LinkedIn has quietly patched a vulnerability which could have allowed malicious third parties to steal members' personal data.
Kategorie: Hacking & Security

How porn bots abuse government websites

Sophos Naked Security - 20 Duben, 2018 - 13:23
Bots run by shady websites are creating thousands of phantom pages

GitHub: New copyright rules could strangle software development

LinuxSecurity.com - 20 Duben, 2018 - 13:20
LinuxSecurity.com: Developer platform GitHub has warned that plans to stop copyright infringements online could have a major impact on open-source software development.
Kategorie: Hacking & Security
Syndikovat obsah