Hacking & Security

Secure Docker on Linux or Windows platforms

LinuxSecurity.com - 20 September, 2016 - 12:38
LinuxSecurity.com: With Docker appearing in businesses of all shapes and sizes, security is a concern for many IT admins. Here's how to secure Docker on the container or the host machine.
Category: Hacking & Security

Kali Linux 2016.2 Delivers New Security Testing Options

LinuxSecurity.com - 20 September, 2016 - 12:37
LinuxSecurity.com: A year ago, Kali Linux moved to a rolling release cycle in an effort to provide a continuous stream of application updates. Kali Linux is a popular open-source Linux distribution for security professionals, loaded with a growing list of tools for information gathering, vulnerability analysis, web application analysis, database assessment, password attacks, wireless attacks and reverse engineering.
Category: Hacking & Security

Is Debian the gold standard for Linux security?

LinuxSecurity.com - 20 September, 2016 - 12:35
LinuxSecurity.com: Security is an important priority for all users, even those who run Linux as their preferred operating system. One redditor wondered in a recent discussion thread if Debian should be considered the gold standard for Linux security.
Category: Hacking & Security

Russia, Others Indeed Could Hack The Vote

LinuxSecurity.com - 20 September, 2016 - 12:33
LinuxSecurity.com: With less than 50 days until Americans cast their votes for a new President on Election Day, once-distant concerns of hackers disrupting the voting process are increasingly becoming a heightened concern.
Category: Hacking & Security

Ransomware has not had its last word yet. A new version scares users with unpaid debts

Novinky.cz - security - 20 September, 2016 - 11:21
Various versions of extortion viruses, collectively known as ransomware, have been terrorizing users for several years. Security experts have found a cure for many of them, but cybercriminals keep creating new versions. Malicious code that extracts considerable sums of money from users has therefore definitely not had its last word yet.
Category: Hacking & Security

How one man could have deleted any Facebook page

Sophos Naked Security - 20 September, 2016 - 10:59
Arun Sureshkumar netted himself a $16,000 bug bounty for a zero-day vulnerability in Facebook Business Manager.

Cisco finds new Zero-Day Exploit linked to NSA Hackers

The Hacker News - 20 September, 2016 - 09:55
Network equipment vendor Cisco is finally warning its customers of another zero-day vulnerability the company discovered in the trove of NSA's hacking exploits and implants leaked by the group calling itself "The Shadow Brokers." Last month, the Shadow Brokers published firewall exploits, implants, and hacking tools allegedly stolen from the NSA's Equation Group, which was designed to target
Category: Hacking & Security

Erasing yourself from the internet is not possible, but you can remove a large part of your personal content

Zive.cz - security - 20 September, 2016 - 09:04
** Most internet users leave online traces, including their name ** Deleting them will never be one hundred percent complete ** We advise how to remove most of them
Category: Hacking & Security

Mozilla Patching Firefox Certificate Pinning Vulnerability

Threatpost - 19 September, 2016 - 22:03
Mozilla is expected tomorrow to patch a critical certificate pinning vulnerability in Firefox’s automated update process for extensions.
Category: Hacking & Security

Facebook Fixes Vulnerability That Led to Account Takeover, Pays Researcher $16K

Threatpost - 19 September, 2016 - 21:04
Facebook quickly resolved a vulnerability in its Business Manager late last month that could have let an attacker take over any Facebook page.
Category: Hacking & Security

Spyware Targeting Overseas Travelers Removed from Google Play

Threatpost - 19 September, 2016 - 20:03
Spyware targeting overseas travelers seeking embassy information gets the boot from Google Play store after a security firm identifies four rogue apps.
Category: Hacking & Security

Oracle bought the startup Palerra to strengthen the security of enterprise applications

Zive.cz - security - 19 September, 2016 - 19:17
At this year's Oracle Open World conference, many new products and services were introduced, all pointing in a clear direction: the cloud. Among the important announcements was the acquisition of the security startup Palerra. With an ever greater amount of data in one place, whether on local servers or ...
Category: Hacking & Security

FBI or no FBI – how one man says he can crack an iPhone for less than $100

Sophos Naked Security - 19 September, 2016 - 18:56
The FBI said it wasn't possible but a University of Cambridge researcher has proved them wrong.

Moving towards a more secure web

Google Security Blog - 19 September, 2016 - 18:10
Posted by Emily Schechter, Chrome Security Team
To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.

Chrome currently indicates HTTP connections with a neutral indicator. This doesn’t reflect the true lack of security for HTTP connections. When you load a website over HTTP, someone else on the network can look at or modify the site before it gets to you.

A substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing. We recently hit a milestone with more than half of Chrome desktop page loads now served over HTTPS. In addition, since the time we released our HTTPS report in February, 12 more of the top 100 websites have changed their serving default from HTTP to HTTPS.

Studies show that users do not perceive the lack of a “secure” icon as a warning, but also that users become blind to warnings that occur too frequently. Our plan to label HTTP sites more clearly and accurately as non-secure will take place in gradual steps, based on increasingly stringent criteria. Starting January 2017, Chrome 56 will label HTTP pages with password or credit card form fields as "not secure," given their particularly sensitive nature.

In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.
We will publish updates to this plan as we approach future releases, but don’t wait to get started moving to HTTPS. HTTPS is easier and cheaper than ever before, and enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. Check out our set-up guides to get started.
Category: Hacking & Security

Cisco Warns of IOS Flaw Vulnerable to ShadowBrokers Attack

Threatpost - 19 September, 2016 - 17:41
Cisco has issued an advisory warning its customers that products running its IOS software are vulnerable to attacks disclosed by the ShadowBrokers
Category: Hacking & Security

324,000 payment cards breached, CVVs included

Sophos Naked Security - 19 September, 2016 - 17:01
When you decide to add debugging logs to your payment application, the PCI DSS rules about what you are allowed to store DO NOT CHANGE!

Bullocks need privacy too! Google Street View blurs ruminant’s face

Sophos Naked Security - 19 September, 2016 - 16:45
It's not a cow. It's a bullock. We know that because it was a nude photo. Would that make it unacceptable on Facebook?

Mooncake thieves fired from Alibaba’s infosec department

Sophos Naked Security - 19 September, 2016 - 16:22
Mooncakes: they're like Christmas fruitcakes, except that the recipients actually eat them.

Password-protect your Wi-Fi hotspots and ask for user details too, rules ECJ

Sophos Naked Security - 19 September, 2016 - 16:13
The ECJ has ruled that Wi-Fi hotspot operators aren’t liable for copyright infringements, but they may have to demand users' identities and password-protect their networks.

FBI director advises: Cover the webcam on your computer, they may be watching you

Zive.cz - security - 19 September, 2016 - 15:57
At a professional conference, the invited director of the US FBI, James Comey, was asked whether he still has the webcam on his computer taped over. He confirmed that he does and urges other people to cover the lens of the webcam on their computers as well, the website Gizmodo.com pointed out. Taping over cameras is ...
Category: Hacking & Security