Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


Program Looks to Tap Military Vets for Cyber-Jobs

Threatpost - 7 November, 2018 - 20:26
The training and job-matching effort is a public-private partnership to address a growing workforce gap.
Category: Hacking & Security

WordPress Flaw Opens Millions of WooCommerce Shops to Takeover

Threatpost - 7 November, 2018 - 17:33
A file delete vulnerability in WordPress can be elevated into a remote code execution vulnerability for plugins like WooCommerce.
Category: Hacking & Security

Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw

Threatpost - 7 November, 2018 - 17:23
A sophisticated proxy code has infected hundreds of thousands of devices already.
Category: Hacking & Security

Voting machine manual tells officials to reuse weak passwords

Sophos Naked Security - 7 November, 2018 - 14:06
The manual turns good advice on its head, telling officials to use, reuse and recycle weak passwords.

Serious XSS flaw discovered in Evernote for Windows, update now!

Sophos Naked Security - 7 November, 2018 - 13:36
Online-note-sharing company Evernote has patched a hole that allowed attackers to infect notes shared via its service.

China may have been eavesdropping on a substantial part of the internet for years

Zive.cz - security - 7 November, 2018 - 12:19
Imagine sitting in your office in Los Angeles and typing the web address of your Washington branch into your browser. Under normal circumstances, the packets should travel essentially straight to the East Coast, but with some operators, such as Verizon, this was not the case in the past ...
Category: Hacking & Security

WhatsApp ‘martinelli’ warning is a hoax, don’t forward it

Sophos Naked Security - 7 November, 2018 - 12:08
A WhatsApp chain letter is warning of a malware-packing video called "martinelli", and selling its lie with a grain of truth.

Popular WooCommerce WordPress Plugin Patches Critical Vulnerability

The Hacker News - 7 November, 2018 - 10:01
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over the
Category: Hacking & Security

This MIT PhD Wants to Replace America's Broken Voting Machines with Open Source Software, Chromebook

LinuxSecurity.com - 7 November, 2018 - 08:15
LinuxSecurity.com: Tuesday morning, as millions of Americans lined up at their polling places to participate in the often quite literally broken democratic process, a new Twitter account tweeted a link to a short manifesto: "today's voting machines are often insecure, not particularly easy-to-use, and so expensive that they're often used much longer than they were designed for and election officials are forced to hunt for replacement parts on eBay. The market has failed us."
Category: Hacking & Security

Apache Struts vulnerability would allow system take over

LinuxSecurity.com - 7 November, 2018 - 08:11
LinuxSecurity.com: The Apache Software Foundation released an advisory addressing a vulnerability in Apache Struts which could allow a remote attacker to take control of an affected system.
Category: Hacking & Security

HSBC Data Breach Hits Online Banking Customers

Threatpost - 6 November, 2018 - 23:53
The data breach includes names, addresses, transaction histories, account information and more.
Category: Hacking & Security

Android November update fixes flaws galore

Sophos Naked Security - 6 November, 2018 - 22:46
Android's November security bulletin is here and there’s more to patch, and more urgency about applying them.

A New Chapter for OSS-Fuzz

Google Security Blog - 6 November, 2018 - 22:11
Posted by Matt Ruhstaller, TPM and Oliver Chang, Software Engineer, Google Security Team

Open Source Software (OSS) is extremely important to Google, and we rely on OSS in a variety of customer-facing and internal projects. We also understand the difficulty and importance of securing the open source ecosystem, and are continuously looking for ways to simplify it.

For the OSS community, we currently provide OSS-Fuzz, a free continuous fuzzing infrastructure hosted on the Google Cloud Platform. OSS-Fuzz uncovers security vulnerabilities and stability issues, and reports them directly to developers. Since launching in December 2016, OSS-Fuzz has reported over 9,000 bugs directly to open source developers.

In addition to OSS-Fuzz, Google's security team maintains several internal tools for identifying bugs in both Google internal and Open Source code. Until recently, these issues were manually reported to various public bug trackers by our security team and then monitored until they were resolved. Unresolved bugs were eligible for the Patch Rewards Program. While this reporting process had some success, it was overly complex. Now, by unifying and automating our fuzzing tools, we have been able to consolidate our processes into a single workflow, based on OSS-Fuzz. Projects integrated with OSS-Fuzz will benefit from being reviewed by both our internal and external fuzzing tools, thereby increasing code coverage and discovering bugs faster.

We are committed to helping open source projects benefit from integrating with our OSS-Fuzz fuzzing infrastructure. In the coming weeks, we will reach out via email to critical projects that we believe would be a good fit and support the community at large. Projects that integrate are eligible for rewards ranging from $1,000 (initial integration) up to $20,000 (ideal integration); more details are available here. These rewards are intended to help offset the cost and effort required to properly configure fuzzing for OSS projects. If you would like to integrate your project with OSS-Fuzz, please submit your project for review. Our goal is to admit as many OSS projects as possible and ensure that they are continuously fuzzed.

Once contacted, we might provide a sample fuzz target to you for easy integration. Many of these fuzz targets are generated with new technology that understands how library APIs are used appropriately. Watch this space for more details on how Google plans to further automate fuzz target creation, so that even more open source projects can benefit from continuous fuzzing.

Thank you for your continued contributions to the Open Source community. Let’s work together on a more secure and stable future for Open Source Software.
Category: Hacking & Security

ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers

Threatpost - 6 November, 2018 - 21:51
One-third of respondents in a new poll said that they have been a victim of fraud or identity theft in the past.
Category: Hacking & Security

The Pirate Bay Like 9 Best Torrent Sites (Updated Nov 2018)

The Hacker News - 6 November, 2018 - 19:35
The Pirate Bay torrent search engine is one of the world's most famous and best torrent sites. But it has been caught a second time mining digital currencies using visitors' computers. Like many popular torrent sites, The Pirate Bay also uses mining to make money without informing its users. But this time a tiny message on its homepage clarifies some terms of service but gives no option to
Category: Hacking & Security

Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed

Threatpost - 6 November, 2018 - 18:08
Firmware updates won't address the problem, so admins need to take other action.
Category: Hacking & Security

U.S. Elections True Test for Facebook’s Disinformation Crackdown

Threatpost - 6 November, 2018 - 17:15
Facebook continues to address the challenges faced during the 2016 election.
Category: Hacking & Security

Apache Struts Warns Users of Two-Year-Old Vulnerability

Threatpost - 6 November, 2018 - 14:27
Users must update their vulnerable libraries manually.
Category: Hacking & Security

Facebook wants to reveal your name to the weirdo standing next to you

Sophos Naked Security - 6 November, 2018 - 13:35
Facebook's had a patent approved for a new way to sniff out potential friends, based on your phone and patterns of movement.