is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its followers in interesting projects.


Popular Flash Player is vulnerable again. Hackers can exploit the flaw

security - 16 March, 2018 - 14:02
For the second time in a single month, Adobe has to deal with a critical security flaw in its popular internet player, Flash Player. The hole essentially opens a back door into the entire operating system. Users should therefore not delay installing the fix.
Category: Hacking & Security

YouTuber jailed after shooting boyfriend dead in failed prank

Sophos Naked Security - 16 March, 2018 - 12:44
In a horrific example of what people will do to go viral, she shot him from a foot away while he held up a thick book.

Number of cyber attacks on financial firms has tripled in five years

security - 16 March, 2018 - 12:30
In financial services, the number of cyber attacks worldwide has tripled over the past five years, according to a study by Accenture and Ponemon Institute. Insurers have begun offering companies and ordinary users special cyber-risk insurance. Last year the Czech police dealt with 6424 cases of cybercrime, which is 1080 cases more than in 2016.
Category: Hacking & Security

yescrypt - modern KDF and password hashing scheme

16 March, 2018 - 12:22
yescrypt is a password-based key derivation function (KDF) and password hashing scheme. It builds upon Colin Percival's scrypt and includes classic scrypt, a minor extension of scrypt known as YESCRYPT_WORM (named that for "write once, read [potentially] many [times]", which is how scrypt works), and the full native yescrypt also known as YESCRYPT_RW (for "read-write").
Category: Hacking & Security

The Chrome extension that knows it's you by the way you type

16 March, 2018 - 12:10
Using multi-factor authentication (MFA) is more secure than relying on passwords alone - but could it be made even better?
Category: Hacking & Security

Warning - 3 Popular VPN Services Are Leaking Your IP Address

16 March, 2018 - 12:09
Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data.
Category: Hacking & Security

Facebook: we won’t share data with WhatsApp (yet)

Sophos Naked Security - 16 March, 2018 - 12:02
Facebook has signed a public commitment to keep its mitts off Whatsapp user data sharing, until it can do so legally.

Plugins for Popular Text Editors Could Help Hackers Gain Elevated Privileges

The Hacker News - 16 March, 2018 - 08:47
Whether you're a developer, designer or a writer, a good text editor always helps you save time and make you work more efficiently. For example, I use Sublime a lot while programming because it includes some useful tools like 'syntax highlighting' and 'autocomplete' that every advanced text editor should have. Moreover, these advanced text editors also offer users extensibility, allowing
Category: Hacking & Security

Warning – 3 Popular VPN Services Are Leaking Your IP Address

The Hacker News - 16 March, 2018 - 06:36
Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data. VPN, or Virtual Private Network, is a great way to protect your daily online activities that work by encrypting your data and boosting security, as well as useful to obscure your actual IP address. While some choose VPN services for online anonymity and
Category: Hacking & Security

GandCrab Ransomware Crooks Take Agile Development Approach

Threatpost - 15 March, 2018 - 23:01
Despite setbacks hackers behind GandCrab malware are pushing ahead with lucrative new ransomware strain thanks to quick-and-dirty agile development approach.
Category: Hacking & Security

Walmart Jewelry Partner Exposes Personal Data Of 1.3M Customers

Threatpost - 15 March, 2018 - 22:47
A Walmart jewelry partner's misconfigured AWS S3 bucket left personal details and contact information of 1.3 million customers in plain sight.
Category: Hacking & Security

Hyperbole Swirls Around AMD Processor Security Threat

Threatpost - 15 March, 2018 - 20:30
Security community takes a critical look at CTS-Labs' disclosure of AMD vulnerabilities found in EPYC servers, Ryzen workstations, and Ryzen mobile offerings.
Category: Hacking & Security

Pre-Installed Malware Found On 5 Million Popular Android Phones

The Hacker News - 15 March, 2018 - 19:22
Security researchers have discovered a massive continuously growing malware campaign that has already infected nearly 5 million mobile devices worldwide. Dubbed RottenSys, the malware that disguised as a 'System Wi-Fi service' app came pre-installed on millions of brand new smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE—added somewhere along the supply chain
Category: Hacking & Security

Intel outlines plans for Meltdown and Spectre fixes, microcode for older chips

Ars Technica - 15 March, 2018 - 19:00

Intel Ivy Bridge Xeon E7 v2 die shot. (credit: Fritzchens Fritz)

Shipping in the second half of this year, the next generation of Xeon Scalable Processors (codenamed Cascade Lake) will contain hardware fixes for the Meltdown attack and certain variants of the Spectre attack. So, too, will a range of processors using the same 8th generation Core branding that some processors are already using.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies.

The Spectre attack has two variants, numbered version 1 and version 2. Spectre version 1 attacks will need software fixes, and the nature of these attacks means that they may always need software fixes. Applications that try to build sandboxes—locked-down environments used for running potentially hostile code, such as JavaScript in the browser—will need to be examined and updated to provide robust protection against Spectre version 1.

Category: Hacking & Security

Iran-Linked Group ‘TEMP.Zagros’ Updates Tactics, Techniques In Latest Campaign

Threatpost - 15 March, 2018 - 17:37
An Iran-linked group is linked to a massive spear phishing campaign that sends malicious Word Docs to victims in Asia and the Middle East.
Category: Hacking & Security

CompTIA Certification Training — Get 14 Courses For Only $59

The Hacker News - 15 March, 2018 - 14:55
The Information Technology industry has witnessed exponential growth over the years, and if you want to be a part of this growing industry, it's important for you to earn certificates in this field. Organisations always prefer employees with strong internationally-recognized professional certifications that prove your skills, knowledge, and what you know—giving you more credibility and
Category: Hacking & Security

YouTube conspiracy videos to get links to Wikipedia and other sources

Sophos Naked Security - 15 March, 2018 - 14:14
Not all controversial conspiracy videos are getting this treatment, which will begin in coming months. Only those with "significant debate."

Firefox makes it easy to banish push notifications

Sophos Naked Security - 15 March, 2018 - 14:09
The latest version of Firefox, version 59, contains a setting designed to let users control the bane of intrusive push notification requests.

Android Security 2017 Year in Review

Google Security Blog - 15 March, 2018 - 14:00
Posted by Dave Kleidermacher, Vice President of Security for Android, Play, ChromeOS

Our team’s goal is simple: secure more than two billion Android devices. It’s our entire focus, and we’re constantly working to improve our protections to keep users safe.
Today, we’re releasing our fourth annual Android Security Year in Review. We compile these reports to help educate the public about the many different layers of Android security, and also to hold ourselves accountable so that anyone can track our security work over time.
We saw really positive momentum last year and this post includes some, but not nearly all, of the major moments from 2017. To dive into all the details, you can read the full report at:

Google Play Protect

In May, we announced Google Play Protect, a new home for the suite of Android security services on nearly two billion devices. While many of Play Protect’s features had been securing Android devices for years, we wanted to make these more visible to help assure people that our security protections are constantly working to keep them safe.

Play Protect’s core objective is to shield users from Potentially Harmful Apps, or PHAs. Every day, it automatically reviews more than 50 billion apps, other potential sources of PHAs, and devices themselves and takes action when it finds any.

Play Protect uses a variety of different tactics to keep users and their data safe, but the impact of machine learning is already quite significant: 60.3% of all Potentially Harmful Apps were detected via machine learning, and we expect this to increase in the future.
Protecting users' devices
Play Protect automatically checks Android devices for PHAs at least once every day, and users can conduct an additional review at any time for some extra peace of mind. These automatic reviews enabled us to remove nearly 39 million PHAs last year.
We also update Play Protect to respond to trends that we detect across the ecosystem. For instance, we recognized that nearly 35% of new PHA installations were occurring when a device was offline or had lost network connectivity. As a result, in October 2017, we enabled offline scanning in Play Protect, and have since prevented 10 million more PHA installs.

Preventing PHA downloads
Devices that downloaded apps exclusively from Google Play were nine times less likely to get a PHA than devices that downloaded apps from other sources. And these security protections continue to improve, partially because of Play Protect’s increased visibility into newly submitted apps to Play. It reviewed 65% more Play apps compared to 2016.
Play Protect also doesn’t just secure Google Play—it helps protect the broader Android ecosystem as well. Thanks in large part to Play Protect, the installation rates of PHAs from outside of Google Play dropped by more than 60%.

Security updates

While Google Play Protect is a great shield against harmful PHAs, we also partner with device manufacturers to make sure that the version of Android running on users' devices is up-to-date and secure.
Throughout the year, we worked to improve the process for releasing security updates, and 30% more devices received security patches than in 2016. Furthermore, no critical security vulnerabilities affecting the Android platform were publicly disclosed without an update or mitigation available for Android devices. This was possible due to the Android Security Rewards Program, enhanced collaboration with the security researcher community, coordination with industry partners, and built-in security features of the Android platform.

New security features in Android Oreo

We introduced a slew of new security features in Android Oreo: making it safer to get apps, dropping insecure network protocols, providing more user control over identifiers, hardening the kernel, and more.
We highlighted many of these over the course of the year, but some may have flown under the radar. For example, we updated the overlay API so that apps can no longer block the entire screen and prevent you from dismissing them, a common tactic employed by ransomware.

Openness makes Android security stronger

We’ve long said it, but it remains truer than ever: Android’s openness helps strengthen our security protections. For years, the Android ecosystem has benefitted from researchers’ findings, and 2017 was no different.
Security reward programs
We continued to see great momentum with our Android Security Rewards program: we paid researchers $1.28 million dollars, pushing our total rewards past $2 million dollars since the program began. We also increased our top-line payouts for exploits that compromise TrustZone or Verified Boot from $50,000 to $200,000, and remote kernel exploits from $30,000 to $150,000.
In parallel, we introduced Google Play Security Rewards Program and offered a bonus bounty to developers that discover and disclose select critical vulnerabilities in apps hosted on Play to their developers.
External security competitions
Our teams also participated in external vulnerability discovery and disclosure competitions, such as Mobile Pwn2Own. At the 2017 Mobile Pwn2Own competition, no exploits successfully compromised the Google Pixel. And of the exploits demonstrated against devices running Android, none could be reproduced on a device running unmodified Android source code from the Android Open Source Project (AOSP).

We’re pleased to see the positive momentum behind Android security, and we’ll continue our work to improve our protections this year, and beyond. We will never stop our work to ensure the security of Android users.
Category: Hacking & Security

Anti-anti-virus service provider tied to huge hacks cops plea

Sophos Naked Security - 15 March, 2018 - 13:51
Jurijs Martisevs pled guilty to running a clearinghouse for criminal developers to see if anti-virus programs would detect their malware.