Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

Categories

CISA Domain 4: Information Systems Operations, Maintenance and Service Management

InfoSec Institute Resources - 13 August, 2018 - 16:00

This domain aims to ensure the candidate has a sound understanding of the processes for information systems operations, service management, and disaster recovery. Operations: IS Operations are the hub of the IS wheel and ensure systems, applications and infrastructure operate as and when required, meeting the requirements for which they were designed. Internal or external […]

The post CISA Domain 4: Information Systems Operations, Maintenance and Service Management appeared first on InfoSec Resources.

CISA Domain 4: Information Systems Operations, Maintenance and Service Management was first posted on August 13, 2018 at 9:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

DEF CON 2018: Voting Hacks Prompt Push Back from Election Officials, Vendors

Threatpost - 13 August, 2018 - 15:56
The Vote Hacking Village invited attendees – including kids as young as six – to hack the voting infrastructure, including ballot machines, a voter database and more.
Category: Hacking & Security

The IAPP

InfoSec Institute Resources - 13 August, 2018 - 15:45

Introduction: In the business world today, many customers are submitting their private information and data to organizations. The most typical forms of this very often include Social Security numbers, credit card information, banking, and other types of financial data, etc. One of the primary reasons why they do this is for the sake of convenience, especially […]

The post The IAPP appeared first on InfoSec Resources.

The IAPP was first posted on August 13, 2018 at 8:45 am.
Category: Hacking & Security

The Ultimate Guide to DoD 8570

InfoSec Institute Resources - 13 August, 2018 - 15:30

If you are either a systems security engineer or an IT security contractor who is interested in working for the DoD (Department of Defense), then you need to know about DoD Directive 8570. It is a baseline criterion for operating Department of Defense’s IT systems. Specifically put, it’s a policy designed by DoD’s Information Assurance […]

The post The Ultimate Guide to DoD 8570 appeared first on InfoSec Resources.

The Ultimate Guide to DoD 8570 was first posted on August 13, 2018 at 8:30 am.
Category: Hacking & Security

CISA Domain 3: Information Systems Acquisition, Development and Implementation

InfoSec Institute Resources - 13 August, 2018 - 15:15

The purpose of this element of CISA is to make sure candidates can assure the effective operation of the processes used for IS acquisition, development, and implementation. The domain covers six areas: developing the business case, IT supplier selection, project management, system development, implementation readiness, and post implementation review. Developing the business case: Before starting any […]

The post CISA Domain 3: Information Systems Acquisition, Development and Implementation appeared first on InfoSec Resources.

CISA Domain 3: Information Systems Acquisition, Development and Implementation was first posted on August 13, 2018 at 8:15 am.
Category: Hacking & Security

Earning CISA CPE Credits

InfoSec Institute Resources - 13 August, 2018 - 15:00

The Certified Information Systems Auditor (CISA) credential, offered through ISACA, requires certified practitioners to attain continuing professional education (CPE). The CPE program is designed to ensure that CISAs maintain their current knowledge and proficiency in auditing, monitoring, assessing, and controlling information systems (IS). CISA CPE Guidelines: CPE refers to professional development activities related to technical […]

The post Earning CISA CPE Credits appeared first on InfoSec Resources.

Earning CISA CPE Credits was first posted on August 13, 2018 at 8:00 am.
Category: Hacking & Security

Siri is listening to you, but she’s NOT spying, says Apple

Sophos Naked Security - 13 August, 2018 - 14:55
Apple's working to keep iPhones from eavesdropping on us, through privacy policies, short buffer windows, local storage, and app review.

Feds indict 12 for allegedly buying iPhones on other people’s dimes

Sophos Naked Security - 13 August, 2018 - 14:43
They allegedly hacked into phone accounts, convinced retailers they were who they weren't, and upgraded to shiny new gadgets for small fees.

CISA Domain 2: Governance and Management of IT

InfoSec Institute Resources - 13 August, 2018 - 14:30

Domain 1 readies the auditor for planning, performing and reporting an audit, and that knowledge is now put into practice by evaluating an organization’s governance and management controls. ISACA describe the role of the auditor in this area as ‘Assuring that the necessary leadership and organizational structures and processes are in place to achieve the […]

The post CISA Domain 2: Governance and Management of IT appeared first on InfoSec Resources.

CISA Domain 2: Governance and Management of IT was first posted on August 13, 2018 at 7:30 am.
Category: Hacking & Security

KeyPass ransomware

Kaspersky Securelist - 13 August, 2018 - 14:21

In the last few days, our anti-ransomware module has been detecting a new variant of malware – KeyPass ransomware. Others in the security community have also noticed that this ransomware began to actively spread in August:

Notification from MalwareHunterTeam

Distribution model

According to our information, the malware is propagated by means of fake installers that download the ransomware module.

Description

The Trojan sample is written in C++ and compiled in MS Visual Studio. It was developed using the libraries MFC, Boost and Crypto++. The PE header contains a recent compilation date.

PE header with compilation date

When started on the victim’s computer, the Trojan copies its executable to %LocalAppData% and launches it. It then deletes itself from the original location.

Following that, it spawns several copies of its own process, passing the encryption key and victim ID as command line arguments.

Command line arguments

KeyPass enumerates local drives and network shares accessible from the infected machine and searches for all files, regardless of their extension. It skips files located in a number of directories, the paths to which are hardcoded into the sample.

The list of excluded paths

Every encrypted file gets an additional extension, “.KEYPASS”, and ransom notes named “!!!KEYPASS_DECRYPTION_INFO!!!.txt” are saved in each processed directory.

The ransom note

Encryption scheme

The developers of this Trojan implemented a very simplistic scheme. The malware uses the symmetric algorithm AES-256 in CFB mode with zero IV and the same 32-byte key for all files. The Trojan encrypts a maximum of 0x500000 bytes (~5 MB) of data at the beginning of each file.

Part of the procedure that implements data encryption

Soon after launch, KeyPass connects to its command and control (C&C) server and receives the encryption key and the infection ID for the current victim. The data is transferred over plain HTTP in the form of JSON.

If the C&C is inaccessible (e.g. if the infected machine is not connected to the internet or the server is down), the Trojan uses a hardcoded key and ID, which means that in the case of offline encryption the decryption of the victim’s files will be trivial.
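A triage sketch for responders built on the artefacts described above (an added example, not part of the Securelist article): it finds ransom notes and .KEYPASS files and separates files that fit entirely inside the 0x500000-byte encrypted region from larger ones whose tail was left untouched. It assumes encryption does not change file length, which holds for CFB as a stream mode but is not stated in the write-up; `triage` and `build_sample_tree` are names made up for this example.

```python
import os
import tempfile

# Values taken from the write-up above.
ENC_EXT = ".KEYPASS"
NOTE_NAME = "!!!KEYPASS_DECRYPTION_INFO!!!.txt"
MAX_ENC = 0x500000  # at most this many leading bytes of a file are encrypted


def triage(root):
    """Walk root and summarise KeyPass artefacts for incident response."""
    report = {"note_dirs": [], "full": [], "partial": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                report["note_dirs"].append(dirpath)
            elif name.upper().endswith(ENC_EXT):
                size = os.path.getsize(path)
                if size <= MAX_ENC:
                    report["full"].append(path)
                else:
                    # Assumption: length unchanged, so bytes past MAX_ENC
                    # are original plaintext and worth preserving.
                    report["partial"].append((path, size - MAX_ENC))
    return report


def build_sample_tree(root):
    """Constructed sample data: no real malware output is involved."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    with open(os.path.join(docs, "a.txt.KEYPASS"), "wb") as f:
        f.write(b"\x00" * 1024)
    with open(os.path.join(docs, "big.iso.KEYPASS"), "wb") as f:
        f.truncate(MAX_ENC + 4096)  # extends the file without writing data
    with open(os.path.join(docs, NOTE_NAME), "w") as f:
        f.write("constructed placeholder note\n")
    with open(os.path.join(docs, "untouched.log"), "w") as f:
        f.write("not encrypted\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print("directories with ransom note:", result["note_dirs"])
        print("fully inside encrypted region:", result["full"])
        for path, tail in result["partial"]:
            print(f"{path}: {tail} trailing bytes not encrypted")
```
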

GUI

From our point of view, the most interesting feature of the KeyPass Trojan is the ability to take ‘manual control’. The Trojan contains a form that is hidden by default, but which can be shown after pressing a special button on the keyboard. This capability might be an indication that the criminals behind the Trojan intend to use it in manual attacks.

GUI of the trojan

This form allows the attacker to customize the encryption process by changing such parameters as:

  • encryption key
  • name of ransom note
  • text of ransom note
  • victim ID
  • extension of the encrypted files
  • list of paths to be excluded from the encryption

Paths excluded from encryption by default

Pseudocode of the procedure that shows the GUI by a keypress

Geography

IOC

901d893f665c6f9741aa940e5f275952 – Trojan-Ransom.Win32.Encoder.n
hxxp://cosonar.mcdir.ru/get.php

In-flight satellite comms vulnerable to remote attack, researcher finds

Sophos Naked Security - 13 August, 2018 - 14:11
On a journey between Madrid and Copenhagen, researcher Ruben Santamarta decided to use Wireshark to study the aircraft’s in-flight Wi-Fi.

The Problem with Passwords – Security Awareness (CyberSpeak Podcast)

InfoSec Institute Resources - 13 August, 2018 - 13:00

This episode of the CyberSpeak with InfoSec Institute podcast goes into detail about the popular and often controversial topic of passwords. Susan Morrow has worked in the IT security sector since the early 1990s — working across diverse sectors such as file encryption, digital rights management, digital signing and online identity. In the podcast, Morrow and […]

The post The Problem with Passwords – Security Awareness (CyberSpeak Podcast) appeared first on InfoSec Resources.

The Problem with Passwords – Security Awareness (CyberSpeak Podcast) was first posted on August 13, 2018 at 6:00 am.
Category: Hacking & Security

#DEFCON Vote Hacking Village Refute NASS 'Unfair' Claims

LinuxSecurity.com - 13 August, 2018 - 11:40
LinuxSecurity.com: DEFCON has hit back at criticisms levied at it by the National Association of Secretaries of State (NASS) over the introduction of an area designed to test voting machines.
Category: Hacking & Security

Butlin's Customers Face Anxious Holiday After Breach Alert

LinuxSecurity.com - 13 August, 2018 - 11:37
LinuxSecurity.com: Tens of thousands of holidaymakers may be at a heightened risk from phishing attacks after Butlin's admitted a data breach affecting customers' personal information.
Category: Hacking & Security

CZ.NIC: Your home Wi-Fi router has to stop at least 250 attacks every day

Zive.cz - security - 13 August, 2018 - 11:30
On its blog, CZ.NIC has shared unflattering figures about attacks, mainly on home routers. Their number grows by hundreds of percent year on year, because the network boxes in households are among the most vulnerable devices. An ordinary mom, dad or grandma usually cannot manage a firmware update and ...
Category: Hacking & Security

WhatsApp has a dangerous bug: messages can be intercepted and altered

Novinky.cz - security - 13 August, 2018 - 11:28
Security experts from the antivirus company Check Point have discovered a new vulnerability in the chat application WhatsApp, which is owned by Facebook. Attackers can exploit the flaw to intercept sent messages and alter them.
Category: Hacking & Security

Monday review – the hot 19 stories of the week

Sophos Naked Security - 13 August, 2018 - 11:04
From the unpopular Windows 10 updates and the Snapchat source code leaked on GitHub to the 'unhackable' BitFi hardware that got hacked, and more!

DEF CON 2018: Critical Bug Opens Millions of HP OfficeJet Printers to Attack

Threatpost - 13 August, 2018 - 00:00
A malicious fax sent to an HP Inc. OfficeJet all-in-one inkjet printer can give hackers control of the printer and act as a springboard into an attached network environment.
Category: Hacking & Security

DEF CON 2018: Apple 0-Day (Re)Opens Door to ‘Synthetic’ Mouse-Click Attack

Threatpost - 12 August, 2018 - 19:00
Apple 0-Day allows hackers to mimic mouse-clicks for kernel access, despite mitigations.
Category: Hacking & Security