Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its community in interesting projects.


Google outs Windows flaw after Microsoft misses a patch deadline

Sophos Naked Security - 22 February, 2017 - 13:54
Google's move is the latest in a round of spats with Microsoft over its Project Zero initiative to nudge vendors into fixing flaws

Border agents could be forced to get a warrant before searching devices

Sophos Naked Security - 22 February, 2017 - 13:34
Senator warns that border agents' 'digital dragnets' are distracting them from actual threats

"Secure" Trump website defaced by hacker claiming to be from Iraq

LinuxSecurity.com - 22 February, 2017 - 12:45
LinuxSecurity.com: Someone calling themselves "Pro_Mast3r" managed to deface a server associated with President Donald Trump's presidential campaign fundraising on Sunday. The server, secure2.donaldjtrump.com, is behind Cloudflare's content management and security platform, and does not appear to be directly linked from the Trump Pence campaign's home page.
Category: Hacking & Security

Java and Python FTP attacks can punch holes through firewalls

LinuxSecurity.com - 22 February, 2017 - 12:36
LinuxSecurity.com: The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.
Category: Hacking & Security

5 open source security tools too good to ignore

LinuxSecurity.com - 22 February, 2017 - 12:34
LinuxSecurity.com: Open source is a wonderful thing. A significant chunk of today's enterprise IT and personal technology depends on open source software. But even while open source software is widely used in networking, operating systems, and virtualization, enterprise security platforms still tend to be proprietary and vendor-locked. Fortunately, that's changing.
Category: Hacking & Security

Researchers offer simple scheme to stop the next Stuxnet

LinuxSecurity.com - 22 February, 2017 - 12:32
LinuxSecurity.com: One of the world's oldest programming styles, the ladder logic that runs on industrial programmable logic controllers, remains dangerously vulnerable to attack, according to boffins from Singapore and India.
Category: Hacking & Security

Financial cyberthreats in 2016

Kaspersky Securelist - 22 February, 2017 - 09:55

In 2016 we continued our in-depth research into the financial cyberthreat landscape. We’ve noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations – such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely used.

For example, the financial cybercrime group Carbanak and its followers, the so-called SWIFT hackers, have been able to steal millions of dollars from their roster of victims, which has included banks and other financial institutions. The benefits of this type of cybercrime are clear – going after the big fish means criminals can reap greater rewards, even when the costs of preparing for and executing attacks against large organizations like these are high.

Despite this trend, regular users and smaller and medium businesses cannot rest on their laurels. The number of attacked users of this calibre started to grow again in 2016, following a decline in 2014 and 2015. Our report provides an overview of the types of attack users are up against as the financial cyberthreat landscape continues to evolve.

Financial phishing attacks

Financial phishing is one of the most widespread types of cybercriminal activity and in 2016 we saw it become even more prevalent, increasing both in volume and in professionalism.

For the first time in 2016, the detection of phishing pages which mimicked legitimate banking services took first place in the overall chart – as criminals sought to trick their victims into believing they were looking at genuine banking content or entering their details into real banking systems.

  • In 2016 the share of financial phishing increased 13.14 percentage points to 47.48% of all phishing heuristic detections. This result is an all-time high according to Kaspersky Lab statistics for financial phishing caught on Windows-based machines.
  • Every fourth attempt to load a phishing page blocked by Kaspersky Lab products was related to banking phishing.

The percentage of financial phishing detected by Kaspersky Lab in 2014-2016

Banking malware:

In 2016 the number of users attacked with malware targeting financial data started increasing once more, following a decrease in 2014 and 2015.

  • In 2016 the number of users attacked with banking Trojans increased by 30.55% to reach 1,088,900.
  • 17.17% of users attacked with banking malware were corporate users.
  • Users in Russia, Germany, Japan, India, Vietnam and the US are the ones most often attacked by banking malware.
  • Zbot remained the most widespread banking malware family (44.08% of attacked users) but in 2016 it was actively challenged by the Gozi family (17.22%).

The trends show us that although professional cybercriminal groups have indeed shifted a lot of their attention to targeted attacks against large companies, regular users and smaller firms are still being targeted with the help of widespread malware including Zbot, Gozi, Nymaim, Shiotob, ZAccess, Tinba, Shiz and more.

The dynamic change in the number of users attacked with banking malware 2015-2016

Android banking malware:

Android banking Trojans deserve a mention in our financial cyberthreat report due to some particularly interesting activity. From mid-2016 we discovered that the number of attacked Android users was increasing at an exponential rate, from just 3,967 attacked users in January to around 75,000 in October 2016.

  • In 2016 the number of users that encountered Android malware increased 430% to reach 305,000 worldwide.
  • Russia, Australia and Ukraine are the countries with the highest percentage of users attacked by Android banking malware.

Interestingly we discovered that just two families of malware were responsible for this sudden change: Asacub and Svpeng, which affected a large number of users, most of whom were in Russia. While Asacub was distributed actively via SMS, Svpeng was spread through Google AdSense and took advantage of a security issue in a popular mobile browser.

The change in the number of users attacked with Android banking malware 2015-2016

It’s clear that financial cybercriminals are increasingly on the look-out for new ways to exploit users and extract money from them. Owners of Android-based devices should be extremely cautious when surfing the web – especially if they have financial applications installed.

But caution is advised for everyone. As predators become more persistent and as their methods grow more convincing, corporate users and home users alike – whatever type of device they use – need to be aware of the dangers and understand how to protect themselves from this ever-evolving cyberthreat landscape.


Microsoft releases update for Flash Player, but leaves two disclosed Flaws Unpatched

The Hacker News - 22 February, 2017 - 09:16
Microsoft on Tuesday released security update (KB 4010250) to patch flaws in Adobe Flash Player for its customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10, but two already disclosed flaws remain unpatched. Just last week, Microsoft announced that its February patches would be delayed until March due to a last minute issue, a move that led to Google
Category: Hacking & Security

Live from RSA 2017 – the inside track [Chet Chat Podcast 258]

Sophos Naked Security - 22 February, 2017 - 02:14
Chester Wisniewski and John Shier share their thoughts from the floor of this year's RSA Conference in San Francisco.

Another option for file sharing

Google Security Blog - 22 February, 2017 - 00:28
Posted by Andrew Gerrand, Eric Grosse, Rob Pike, Eduardo Pinheiro and Dave Presotto, Google Software Engineers

Existing mechanisms for file sharing are so fragmented that people waste time on multi-step copying and repackaging. With the new project Upspin, we aim to improve the situation by providing a global name space to name all your files. Given an Upspin name, a file can be shared securely, copied efficiently without "download" and "upload", and accessed by anyone with permission from anywhere with a network connection.

Our target audience is personal users, families, or groups of friends. Although Upspin might have application in enterprise environments, we think that focusing on the consumer case enables easy-to-understand and easy-to-use sharing.

File names begin with the user's email address followed by a slash-separated Unix-like path name:

    ann@example.com/dir/file

Any user with appropriate permission can access the contents of this file by using Upspin services to evaluate the full path name, typically via a FUSE filesystem so that unmodified applications just work. Upspin names usually identify regular static files and directories, but may point to dynamic content generated by devices such as sensors or services.

If the user wishes to share a directory (the unit at which sharing privileges are granted), she adds a file called Access to that directory. In that file she describes the rights she wishes to grant and the users she wishes to grant them to. For instance,

    read: joe@here.com, mae@there.com

allows Joe and Mae to read any of the files in the directory holding the Access file, and also in its subdirectories. As well as limiting who can fetch bytes from the server, this access is enforced end-to-end cryptographically, so cleartext only resides on Upspin clients, and use of cloud storage does not extend the trust boundary.

Upspin looks a bit like a global file system, but its real contribution is a set of interfaces, protocols, and components from which an information management system can be built, with properties such as security and access control suited to a modern, networked world. Upspin is not an "app" or a web service, but rather a suite of software components, intended to run in the network and on devices connected to it, that together provide a secure, modern information storage and sharing network. Upspin is a layer of infrastructure that other software and services can build on to facilitate secure access and sharing. This is an open source contribution, not a Google product. We have not yet integrated with the Key Transparency server, though we expect to eventually, and for now use a similar technique of securely publishing all key updates. File storage is inherently an archival medium without forward secrecy; loss of the user's encryption keys implies loss of content, though we do provide for key rotation.

It’s early days, but we’re encouraged by the progress and look forward to feedback and contributions. To learn more, see the GitHub repository at upspin.
Category: Hacking & Security

Data Stealing Malware TeamSpy Resurfaces in Spam Campaign

Threatpost - 21 February, 2017 - 22:08
After a nearly four-year respite, the data-stealing TeamSpy malware has resurfaced in a spam campaign.
Category: Hacking & Security

OpenSSL Update Fixes High-Severity DoS Vulnerability

Threatpost - 21 February, 2017 - 22:02
US-CERT issues alert to server admins warning of a dangerous OpenSSL vulnerability and urges 1.1.0 users to update to version 1.1.0e.
Category: Hacking & Security

News in brief: Concern about Windows 10; Hacks cost Yahoo; PHP gets better crypto

Sophos Naked Security - 21 February, 2017 - 19:37
Your daily round-up of some of the other stories in the news

Google Discloses Unpatched Microsoft Vulnerability

Threatpost - 21 February, 2017 - 19:02
Google Project Zero researchers are warning of an unpatched Microsoft vulnerability in the Windows' GDI library that allows attackers to steal sensitive data from program memory.
Category: Hacking & Security

Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection

The Hacker News - 21 February, 2017 - 18:45
These newly discovered bugs in Java and Python are a big deal today. The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses. And since both the flaws remain unpatched, hackers can take advantage to design potential cyber attack operations against critical networks and
Category: Hacking & Security

Google and Bing plan to bury pirated content

Sophos Naked Security - 21 February, 2017 - 17:17
From 1 June 2017 Google and Bing will de-prioritise unlawful sharing sites

Rook Security on Online Extortion

Threatpost - 21 February, 2017 - 17:00
Mat Gangwer, CTO, and Tom Gorup, Security Operations Lead, at Rook Security talk to Mike Mimoso about the aggressive rise in online extortion and how it threatens not only data but physical safety.
Category: Hacking & Security

Windows Botnet Spreading Mirai Variant

Threatpost - 21 February, 2017 - 16:51
A Windows-based botnet is spreading a Mirai variant that is also capable of spreading to Linux systems under certain conditions, Kaspersky Lab researchers said.
Category: Hacking & Security