Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

S3 Ep102.5: “ProxyNotShell” Exchange bugs – an expert speaks [Audio + Text]

Sophos Naked Security - 1 Říjen, 2022 - 16:05
Who's affected, what you can do while waiting for Microsoft's patches, and how to plan your threat hunting...

Pay What You Want for This Collection of White Hat Hacking Courses

The Hacker News - 1 Říjen, 2022 - 09:00
Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get into white hat hacking. That said, picking up the necessary knowledge to build a new career can seem like a daunting task. There is a lot to learn, after all. To help you get started, The Hacker News Deals is currently running an eye-catching offer: pay what you want for one video course, andThe Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.com
Kategorie: Hacking & Security

State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations

The Hacker News - 1 Říjen, 2022 - 08:36
Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability

The Hacker News - 1 Říjen, 2022 - 08:35
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitraryRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

New Malware Families Found Targeting VMware ESXi Hypervisors

The Hacker News - 30 Září, 2022 - 16:42
Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”

Sophos Naked Security - 30 Září, 2022 - 15:25
Double-play 0-day in Exchange - what you need to know, and what you can do

Cyber Attacks Against Middle East Governments Hide Malware in Windows logo

The Hacker News - 30 Září, 2022 - 13:52
An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410 Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

Enterprise Encryption for Linux

LinuxSecurity.com - 30 Září, 2022 - 13:15
It's no secret that the IT department has struggled with encryption for Linux devices many years due to a gap in the management and compliance capability available in their current Linux solution sets.
Kategorie: Hacking & Security

The Best Open Source Tools to Secure Your Linux Server

LinuxSecurity.com - 30 Září, 2022 - 13:00
While Linux does have a variety of security features to help make it safer, it's not impenetrable, which is why you need open-source tools to secure your Linux server.
Kategorie: Hacking & Security

Defenders Be Prepared: Cyberattacks Surge Against Linux Amid Cloud Migration

LinuxSecurity.com - 30 Září, 2022 - 13:00
Ransomware in particular poses a major threat, but security vendors say there has been an increase in Linux-targeted cryptojacking, malware, and vulnerability exploits as well, and defenders need to be ready.
Kategorie: Hacking & Security

New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons

The Hacker News - 30 Září, 2022 - 12:20
A social engineering campaign leveraging job-themed lures is weaponizing a years-old remote code execution flaw in Microsoft Office to deploy Cobalt Strike beacons on compromised hosts. "The payload discovered is a leaked version of a Cobalt Strike beacon," Cisco Talos researchers Chetan Raghuprasad and Vanja Svajcer said in a new analysis published Wednesday. "The beacon configuration contains Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

Why Organisations Need Both EDR and NDR for Complete Network Protection

The Hacker News - 30 Září, 2022 - 12:10
Endpoint devices like desktops, laptops, and mobile phones enable users to connect to enterprise networks and use their resources for their day-to-day work. However, they also expand the attack surface and make the organisation vulnerable to malicious cyberattacks and data breaches. Why Modern Organisations Need EDR According to the 2020 global risk report by Ponemon Institute, smartphones, The Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.com
Kategorie: Hacking & Security

North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks

The Hacker News - 30 Září, 2022 - 12:02
A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, a threat Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild

The Hacker News - 30 Září, 2022 - 11:01
Microsoft officially disclosed it investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation

The Hacker News - 30 Září, 2022 - 06:25
Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. That's according to Vietnamese cybersecurity company GTSC, which discovered the shortcomings as part of its security monitoring and incident response efforts in August 2022. TheRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

S3 Ep102: How to avoid a data breach [Audio + Transcript]

Sophos Naked Security - 29 Září, 2022 - 20:45
Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news...

Brazilian Prilex Hackers Resurfaced With Sophisticated Point-of-Sale Malware

The Hacker News - 29 Září, 2022 - 16:15
A Brazilian threat actor known as Prilex has resurfaced after a year-long operational hiatus with an advanced and complex malware to steal money by means of fraudulent transactions. "The Prilex group has shown a high level of knowledge about credit and debit card transactions, and how software used for payment processing works," Kaspersky researchers said. "This enables the attackers to keep Ravie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

Researchers Uncover Covert Attack Campaign Targeting Military Contractors

The Hacker News - 29 Září, 2022 - 14:00
A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEP#MAVERICK by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft. "The attack was carried outRavie Lakshmananhttp://www.blogger.com/profile/10975661172932160797noreply@blogger.com
Kategorie: Hacking & Security

Five Steps to Mitigate the Risk of Credential Exposure

The Hacker News - 29 Září, 2022 - 13:45
Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft.  While CISOs are aware of growing identity threats and have multiple tools in their arsenal to help reduce the potential risk, theThe Hacker Newshttp://www.blogger.com/profile/16801458706306167627noreply@blogger.com
Kategorie: Hacking & Security

Star Labs Shares More Details on Its Upcoming StarFighter 4K Linux Laptop

LinuxSecurity.com - 29 Září, 2022 - 13:00
UK-based Linux hardware vendor Star Labs took to Twitter to share more details on its upcoming Linux laptop called StarFighter, which looks to the company's first notebook to feature a 4K display.
Kategorie: Hacking & Security
Syndikovat obsah