Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

ThreatList: Financial-Themed Phishing Hooks Targets in Q2

Threatpost - 15 Srpen, 2018 - 15:15
In addition to traditional phishing, fraudulent cryptocurrency offers pose a rising trend.
Kategorie: Hacking & Security

Are your Android apps listening to you?

Sophos Naked Security - 15 Srpen, 2018 - 14:59
This simple setup will help you discover if your apps are listening in on you.

Your smart air conditioner could contribute to mass power outages

Sophos Naked Security - 15 Srpen, 2018 - 14:20
Researchers call the scenario BlackIoT: an IoT botnet of high-wattage devices that could crash the power grid.

FBI warns of choreographed ATM drainage

Sophos Naked Security - 15 Srpen, 2018 - 13:09
This type of multinational ATM cashout could drain cash machines of millions within the span of hours.

Podcast: Bugcrowd Founder on Printer Bugs, IoT Bounty Hunting and New VDP Project

Threatpost - 15 Srpen, 2018 - 13:00
Bugcrowd's CTO and founder Casey Ellis talked to Threatpost about the recently launched HP printer bug bounty program.
Kategorie: Hacking & Security

Bezpečnostní expert: Firmy už nás mají přečtené víc než stát

Novinky.cz - bezpečnost - 15 Srpen, 2018 - 12:05
Daniel Bagge je odborník na kybernetickou bezpečnost z Národního kybernetického úřadu. Podle něj lidé na sociálních sítích a internetu o sobě nechávají tolik citlivých informací, že z nich firmy umí udělat psychologický profil, a ten použít na cokoliv.
Kategorie: Hacking & Security

Former Microsoft Engineer Gets Prison for Role in Reveton Ransomware

The Hacker News - 15 Srpen, 2018 - 11:28
A former Microsoft network engineer who was charged in April this year has now been sentenced to 18 months in prison after pleading guilty to money laundering in connection with the Reveton ransomware. Reveton malware is old ransomware, also known as scareware or police ransomware that instead of encrypting files locks the screen of victims’ computers and displays a message purporting to come
Kategorie: Hacking & Security

Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered

The Hacker News - 15 Srpen, 2018 - 09:40
2018 has been quite a tough year for Intel. While the chip-maker giant is still dealing with Meltdown and Spectre processor vulnerabilities, yet another major speculative execution flaw has been revealed in Intel's Core and Xeon lines of processors that may leave users vulnerable to cyber-attacks. Dubbed Foreshadow, alternatively called L1 Terminal Fault or L1TF, the new attacks include
Kategorie: Hacking & Security

Jedenáctiletý hacker zdolal volební systém USA za pouhých deset minut

Novinky.cz - bezpečnost - 15 Srpen, 2018 - 09:16
Deset minut trvalo jedenáctiletému americkému chlapci, aby s využitím hackerských technik pronikl do modelu volebních výsledků státu Florida. Podle agentury Reuters byl jedním z 35 dětí, které se zapojily do testu bezpečnostního zajištění amerických volebních procedur.
Kategorie: Hacking & Security

Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup

Threatpost - 14 Srpen, 2018 - 22:42
Microsoft rolled out 60 patches for its Patch Tuesday release, impacting 19 critical flaws and 39 important flaws.
Kategorie: Hacking & Security

Victims Lose Access to Thousands of Photos as Instagram Hack Spreads

Threatpost - 14 Srpen, 2018 - 22:30
In a probable quest to build a botnet, someone is hacking Instagram accounts, deleting handles, avatars and personal details, and linking them to a new email address.
Kategorie: Hacking & Security

Intel CPUs Undermined By Fresh Speculative Execution Flaws

Threatpost - 14 Srpen, 2018 - 21:24
'Foreshadow" and other vulnerabilities in Intel processors can be exploited to steal sensitive information stored inside personal computers or personal clouds.
Kategorie: Hacking & Security

Intel’s SGX blown wide open by, you guessed it, a speculative execution attack

Ars Technica - 14 Srpen, 2018 - 21:18

Foreshadow explained in a video.

Another day, another speculative execution-based attack. Data protected by Intel's SGX—data that's meant to be protected even from a malicious or hacked kernel—can be read by an attacker thanks to leaks enabled by speculative execution.

Since publication of the Spectre and Meltdown attacks in January this year, security researchers have been taking a close look at speculative execution and the implications it has for security. All high-speed processors today perform speculative execution: they assume certain things (a register will contain a particular value, a branch will go a particular way) and perform calculations on the basis of those assumptions. It's an important design feature of these chips that's essential to their performance, and it has been for 20 years.

But Meltdown and Spectre showed that speculative execution has security implications. Meltdown (on most Intel and some ARM processors) allows user applications to read the contents of kernel memory. Spectre (on most Intel, AMD, and ARM chips) can be used to attack software sandboxes used for JavaScript in browsers and, under the right conditions, can allow kernel memory or hypervisor memory to be read. In the months since they were first publicized, we've seen new variants: speculative store bypass, speculative buffer overflows, and even a remotely exploitable version of Spectre.

Read 22 remaining paragraphs | Comments

Kategorie: Hacking & Security

Microsoft Releases Patches for 60 Flaws—Two Under Active Attack

The Hacker News - 14 Srpen, 2018 - 20:36
Get your update caps on. Just a few minutes ago Microsoft released its latest monthly Patch Tuesday update for August 2018, patching a total of 60 vulnerabilities, of which 19 are rated as critical. The updates patch flaws in Microsoft Windows, Edge Browser, Internet Explorer, Office, ChakraCore, .NET Framework, Exchange Server, Microsoft SQL Server and Visual Studio. Two of these
Kategorie: Hacking & Security

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

Threatpost - 14 Srpen, 2018 - 19:09
This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building.
Kategorie: Hacking & Security

Google Services Track User Movements In Privacy Faux Pas

Threatpost - 14 Srpen, 2018 - 19:04
A recent report found that Google services - with functions like checking maps, the weather, and search - are tracking users even when they deny permission.
Kategorie: Hacking & Security
Syndikovat obsah