je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.


RSA 2017 – Day 1 – Roving Report [PODCAST]

Sophos Naked Security - 15 Únor, 2017 - 00:06
Join us as we find out from our "roving reporter" Bill Brenner how things are shaping up at this year's RSA Conference in San Francisco...

New Mac malware pinned on same Russian group blamed for election hacks

Ars Technica - 14 Únor, 2017 - 22:40

Enlarge (credit: Sumitcommunicationcyber)

APT28, the Russian hacking group tied to last year's interference in the 2016 presidential election, has long been known for its advanced arsenal of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs.

Like its counterparts for other platforms, the Mac version of Xagent is a modular backdoor that can be customized to meet the objectives of a given intrusion, researchers from antivirus provider Bitdefender reported in a blog post published Tuesday. Capabilities include logging passwords, snapping pictures of screen displays, and stealing iOS backups stored on the compromised Mac.

The discovery builds on the already considerable number of tools attributed to APT28, which other researchers call Sofacy, Sednit, Fancy Bear, and Pawn Storm. According to researchers at CrowdStrike and other security firms, APT28 has been operating since at least 2007 and is closely tied to the Russian government. An analysis Bitdefender published last year determined APT28 members spoke Russian, worked mostly during Russian business hours, and pursued targets located in Ukraine, Spain, Russia, Romania, the US, and Canada.

Read 4 remaining paragraphs | Comments

Kategorie: Hacking & Security

Cryptographers Dismiss AI, Quantum Computing Threats

Threatpost - 14 Únor, 2017 - 21:44
Cryptographers said at the RSA Conference Tuesday they’re skeptical that advances in quantum computing and artificial intelligence will profoundly transform computer security.
Kategorie: Hacking & Security

Amnesty International uncovers phishing campaign against human rights activists

Ars Technica - 14 Únor, 2017 - 19:05

Enlarge / A phishing e-mail aimed at worker rights activists in Qatar and Nepal crafted to fool targets into giving up their credentials. (credit: Amnesty International)

Over the course of the last year, a number of human rights organizations, labor unions, and journalists were targeted in a "phishing" campaign that attempted to steal the Google credentials of targets by luring them into viewing documents online. The campaign, uncovered by Amnesty International, is interesting largely because of the extent to which whoever was behind the attack used social media to create a complete persona behind the messages—a fictional rights activist named Safeena Malik.

Malik translates from Arabic as "King," so Amnesty International refers to the spear-phishing campaign in a report posted to Medium today as "Operation Kingphish."

The party or parties behind the operation created Facebook, Google, LinkedIn, and Twitter profiles for "Safeena Malik" using a young woman's photos, which were apparently harvested from another social media account. "It appears that the attackers may have impersonated the identity of a real young woman and stole her pictures to construct the fake profile," wrote Nex, a security researcher working with Amnesty International, "along with a professional biography also stolen from yet another person."

Read 5 remaining paragraphs | Comments

Kategorie: Hacking & Security

Adobe Patches 13 Code Execution Vulnerabilities in Flash

Threatpost - 14 Únor, 2017 - 17:38
Adobe patched 13 code execution vulnerabilities in Flash Player today as part of its regular patch update cycle.
Kategorie: Hacking & Security

No, you can’t get Verizon Unlimited free for 12 months

Sophos Naked Security - 14 Únor, 2017 - 16:45
Be careful not to get caught in the net of phishing scams masquerading as free data from a mobile phone provider

Nation States Distancing Themselves from APTs

Threatpost - 14 Únor, 2017 - 16:42
Increasingly, governments are outsourcing state-sponsored attacks to mitigate risk and maximize intelligence.
Kategorie: Hacking & Security

Ransomware attackers shift focus and resources to high-value sectors

Sophos Naked Security - 14 Únor, 2017 - 16:06
Perhaps unsurprisingly, the cyber-crooks are going after the sectors most likely to pay up: healthcare, government, critical infrastructure and small businesses

Nová technika webového fingerprintingu rozpozná na internetu přímo váš počítač. Ještě že je tak pomalá - bezpečnost - 14 Únor, 2017 - 15:40
Anonymita na webu se nejspíše stane ještě větší iluzí než dříve, výzkumníci z pensylvánské Lehigh University totiž demonstrovali novou techniku ( PDF ) fingerprintingu prohlížeče a počítače, která rozpozná surfaře nikoliv pouze podle jeho prohlížeče, ale rovnou počítače. To znamená, že i když ...
Kategorie: Hacking & Security

Twitter stumbles on safety feature as users push back

Sophos Naked Security - 14 Únor, 2017 - 15:27
Users push back on a plan by Twitter to ditch notifications on being added to lists

Researcher develops ransomware attack that targets water supply - 14 Únor, 2017 - 14:38 A security researcher is showing that it's not hard to hold industrial control systems for ransom. He's experimented with a simulated water treatment system based on actual programmable logic controllers (PLCs) and documented how these can be hacked.
Kategorie: Hacking & Security

CrowdStrike attempts to sue NSS Labs to prevent test release, court denies request - 14 Únor, 2017 - 14:35 Last week, before the start of the RSA conference in San Francisco, CrowdStrike filed for a restraining order and injunction in a federal court, seeking to prevent NSS Labs from releasing the results of a recent NSS' Advanced Endpoint Protection (AEP) group test.
Kategorie: Hacking & Security

New Born Macro Malware Dropping Rootkits Using a Fileless Infection Vector

InfoSec Institute Resources - 14 Únor, 2017 - 14:00

Getting Serious While Shamoon still shrieks “I am back” all over GCC countries, a completely new “bad boy” spam hits the servers. This VBScript malware document seems to be newborn or revamped, had no traces anywhere, at least while I am typing this. Various entities across GCC received several spam emails embedded with a malicious […]

The post New Born Macro Malware Dropping Rootkits Using a Fileless Infection Vector appeared first on InfoSec Resources.

Kategorie: Hacking & Security

Malware Analysis with OllyDbg

InfoSec Institute Resources - 14 Únor, 2017 - 14:00

In this part of the article series, we will look how we can look at the inner workings of a malware. In part 1 and part 2 we have worked on the behavioral analysis of the specimen. In this article, we will look at the code level of specimen discussed in Part 2. We will […]

The post Malware Analysis with OllyDbg appeared first on InfoSec Resources.

Kategorie: Hacking & Security

RSA 2017: SophosLabs report examines Top 10 Android malware

Sophos Naked Security - 14 Únor, 2017 - 13:40
Android malware is on the rise according to the findings of Sophos Labs. We look at the top 10 malware families for the platform

Border guards force US citizen to unlock his NASA-owned work phone

Sophos Naked Security - 14 Únor, 2017 - 12:51
There's been an outcry at the experience of a NASA engineer detained on arrival in the US - but your rights if this happens to you aren't clear

Pozor na SMS zprávy. V Česku se přes ně šíří bankovní virus - bezpečnost - 14 Únor, 2017 - 12:05
Na pozoru by se měli mít lidé před SMS zprávami, které v posledních dnech obdrželi od neznámých zdrojů. Bezpečnostní experti antivirové společnosti Eset v úterý varovali před novou vlnou virů, které se šíří právě prostřednictvím SMS zpráv. Útočníci se snaží dostat se k penězům na cizích bankovních účtech.
Kategorie: Hacking & Security

Valentine’s day: what’s your secret technology crush?

Sophos Naked Security - 14 Únor, 2017 - 11:36
Naked Security writers reveal their secret security and technology crushes - but what's yours?
Syndikovat obsah