Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its followers in interesting projects.


Warning — Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild

The Hacker News - 25 November, 2021 - 09:10
Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos disclosed that it "detected malware samples in the wild that are attempting to take advantage of this
Category: Hacking & Security

A very sad look at the world's most-used passwords. In Czechia we are fond of, for instance, the words martin and heslo

Zive.cz - security - 25 November, 2021 - 08:45
The password manager NordPass has published a list of the 200 most-used passwords of 2020. The source was various published leaks from recent years, which together total 276 million records. We have already had plenty of similar statistics here, but NordPass also compiled its ranking for individual countries ...
Category: Hacking & Security

VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client

The Hacker News - 25 November, 2021 - 06:09
VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980, the bug has been rated 7.5 out of a maximum of 10 on the CVSS scoring system,
Category: Hacking & Security

GoDaddy Data Breach Exposes Over 1 Million WordPress Customers' Data

The Hacker News - 25 November, 2021 - 05:52
Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018. In a filing with the U.S. Securities and Exchange Commission (SEC), the world's largest domain registrar said that a malicious third-party managed to gain
Category: Hacking & Security

Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally

The Hacker News - 25 November, 2021 - 05:50
Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without the users' knowledge. The discovery of the flaws is the result of reverse-engineering the Taiwanese
Category: Hacking & Security

US government securities watchdog spoofed by investment scammers – don’t fall for it!

Sophos Naked Security - 24 November, 2021 - 20:57
Those numbers that show up on your phone to tell you who's calling? Treat them as SUGGESTIONS, never as PROOF.

9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery

Threatpost - 24 November, 2021 - 18:28
A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices.
Category: Hacking & Security

GoDaddy Breach Widens to Include Reseller Subsidiaries

Threatpost - 24 November, 2021 - 17:16
Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen.
Category: Hacking & Security

Apple’s NSO Group Lawsuit Amps Up Pressure on Pegasus Spyware-Maker

Threatpost - 24 November, 2021 - 16:55
Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company's woes.
Category: Hacking & Security

After four hours on the phone, a senior from Olomouc lost half a million crowns

Novinky.cz - security - 24 November, 2021 - 16:03
An 82-year-old man from Olomouc fell victim to cryptocurrency scammers early this week. After a four-hour phone call that began with congratulations on winning bitcoins, he lost approximately half a million crowns.
Category: Hacking & Security

Attackers Actively Target Windows Installer Zero-Day

Threatpost - 24 November, 2021 - 15:09
Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month.
Category: Hacking & Security

Apple Sues Israel's NSO Group for Spying on iPhone Users With Pegasus Spyware

The Hacker News - 24 November, 2021 - 13:10
Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court holding it accountable for illegally targeting users with its Pegasus surveillance tool, marking yet another setback for the Israeli spyware vendor. The Cupertino-based tech giant painted NSO Group as "notorious hackers — amoral 21st century mercenaries who have created highly sophisticated
Category: Hacking & Security

AWS commits to update its own Linux every other year

LinuxSecurity.com - 24 November, 2021 - 13:00
Amazon Web Services has announced that it will release an updated version of its own Linux every two years, starting with Amazon Linux 2022, which it is previewing now. The SELinux security module is enabled and enforced by default in AL2022, but EC2 instances running the OS won't automatically implement patches or security updates. Users can instead choose to automate installation of packages, or patches, or both.
Category: Hacking & Security

BIS: Cyberattacks hit political parties last year. Officials' e-mails are a problem

Zive.cz - security - 24 November, 2021 - 10:45
Although people began using information technology to a greater extent during the pandemic, attackers did not particularly change their methods. They still resort primarily to sending fraudulent e-mails and other proven techniques. Last year there were also several attacks on Czech political parties and state institutions, where ...
Category: Hacking & Security

APT C-23 Hackers Using New Android Spyware Variant to Target Middle East Users

The Hacker News - 24 November, 2021 - 09:49
A threat actor known for striking targets in the Middle East has evolved its Android spyware yet again with enhanced capabilities that allow it to be stealthier and more persistent while passing off as seemingly innocuous app updates to stay under the radar. The new variants have "incorporated new features into their malicious apps that make them more resilient to actions by users, who might try
Category: Hacking & Security

Webinar and eBook: The Dark Side of EDR. Are You Prepared?

The Hacker News - 24 November, 2021 - 08:54
Endpoint Detection and Response (EDR) platforms have received incredible attention as the platform for security teams. Whether you're evaluating an EDR for the first time or looking to replace your EDR, as an information security professional, you need to be aware of the gaps prior to implementation so you can best prepare how to close the gaps. It's important to understand that each
Category: Hacking & Security

Over 9 Million Android Phones Running Malware Apps from Huawei's AppGallery

The Hacker News - 24 November, 2021 - 08:40
At least 9.3 million Android devices have been infected by a new class of malware that disguises itself as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace to steal device information and victims' mobile phone numbers. The mobile campaign was disclosed by researchers from Doctor Web, who classified the trojan as "Android.Cynos.7.origin," owing to the fact that the
Category: Hacking & Security

Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox

The Hacker News - 24 November, 2021 - 07:54
A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition. "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox," the advisory reads. "Successful attacks of
Category: Hacking & Security

Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast

Threatpost - 23 November, 2021 - 22:09
That’s just the start of what cyberattackers will zero in on as they pick up APT techniques to hurl more destructive ransomware & supply-chain attacks, says Fortinet’s Derek Manky.
Category: Hacking & Security

Check your patches – public exploit now out for critical Exchange bug

Sophos Naked Security - 23 November, 2021 - 21:36
It was a zero-day bug until Patch Tuesday, now there's an anyone-can-use-it exploit. Don't be the one who hasn't patched.