Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Mac Zero Day Targets Apple Devices in Hong Kong

Threatpost - 12 Listopad, 2021 - 19:05
Google researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites.
Kategorie: Hacking & Security

Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux

The Hacker News - 12 Listopad, 2021 - 16:15
Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called "Abcbot" that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service (DDoS) attacks against targets. While the earliest version of the botnet dates back to July 2021, new variants observed as recently as October 30
Kategorie: Hacking & Security

Millions of Routers, IoT Devices at Risk from BotenaGo Malware

Threatpost - 12 Listopad, 2021 - 14:14
BotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities.
Kategorie: Hacking & Security

Hra na oliheň byla jen špičkou ledovce. Podvodů se streamovacími službami přibývá

Novinky.cz - bezpečnost - 12 Listopad, 2021 - 12:44
Bezpečnostní experti již dříve varovali, že kyberzločinci ve velkém zneužívají oblíbený seriál Squid Game (česky Hra na oliheň). Jak ale nyní upozornila antivirová společnost Kaspersky, byla to jen špička ledovce. Podvodů se streamovacími službami je na síti daleko více. A co hůř, jejich počet neustále roste.
Kategorie: Hacking & Security

Researchers Uncover Hacker-for-Hire Group That's Active Since 2015

The Hacker News - 12 Listopad, 2021 - 05:48
A new cyber mercenary hacker-for-hire group dubbed "Void Balaur" has been linked to a string of cyberespionage and data theft activities targeting thousands of entities as well as human rights activists, politicians, and government officials around the world at least since 2015 for financial gain while lurking in the shadows. Named after a many-headed dragon from Romanian folklore, the adversary
Kategorie: Hacking & Security

Invest in These 3 Key Security Technologies to Fight Ransomware

Threatpost - 11 Listopad, 2021 - 21:32
Ransomware volumes are up 1000%. Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs , discusses secure email, network segmentation and sandboxing for defense.
Kategorie: Hacking & Security

Back-to-Back PlayStation 5 Hacks Hit on the Same Day

Threatpost - 11 Listopad, 2021 - 21:06
Cyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices.
Kategorie: Hacking & Security

Kromě děr Microsoft opravuje problémový výkon nebo nabídku Start ve Windows 11

Zive.cz - bezpečnost - 11 Listopad, 2021 - 20:45
V tomto týdnu proběhlo další záplatovací úterý a pro Jedenáctky bylo druhé v řadě. Je to důležité, protože čerstvě po vydání je operační systém ještě relativně neodladěný. Microsoft také opravil slušnou porci chyb. Ke konci se pak blíží podpora spotřebitelských edic Windows 10 verze 2004, zbývá jim ...
Kategorie: Hacking & Security

Designing a Proactive Ransomware Playbook for Today’s Threat Landscape

Threatpost - 11 Listopad, 2021 - 20:29
Asset inventories and risk assessments are critical tools in defending against the increasing scourge of ransomware.
Kategorie: Hacking & Security

Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash

Threatpost - 11 Listopad, 2021 - 19:48
A Russian-language threat group is available for hire, to steal data on journalists, political leaders, activists and from organizations in every sector.
Kategorie: Hacking & Security

ClusterFuzzLite: Continuous fuzzing for all

Google Security Blog - 11 Listopad, 2021 - 19:13
Posted by Jonathan Metzman, Google Open Source Security Team

In recent years, continuous fuzzing has become an essential part of the software development lifecycle. By feeding unexpected or random data into a program, fuzzing catches bugs that would otherwise slip through the most thorough manual checks and provides coverage that would take staggering human effort to replicate. NIST’s guidelines for software verification, recently released in response to the White House Executive Order on Improving the Nation’s Cybersecurity, specify fuzzing among the minimum standard requirements for code verification.

Today, we are excited to announce ClusterFuzzLite, a continuous fuzzing solution that runs as part of CI/CD workflows to find vulnerabilities faster than ever before. With just a few lines of code, GitHub users can integrate ClusterFuzzLite into their workflow and fuzz pull requests to catch bugs before they are committed, enhancing the overall security of the software supply chain.

Since its release in 2016, over 500 critical open source projects have integrated into Google’s OSS-Fuzz program, resulting in over 6,500 vulnerabilities and 21,000 functional bugs being fixed. ClusterFuzzLite goes hand-in-hand with OSS-Fuzz, by catching regression bugs much earlier in the development process.

Large projects including systemd and curl are already using ClusterFuzzLite during code review, with positive results. According to Daniel Stenberg, author of curl, “When the human reviewers nod and have approved the code and your static code analyzers and linters can't detect any more issues, fuzzing is what takes you to the next level of code maturity and robustness. OSS-Fuzz and ClusterFuzzLite help us maintain curl as a quality project, around the clock, every day and every commit.”

With the release of ClusterFuzzLite, any project can integrate this essential testing standard and benefit from fuzzing. ClusterFuzzLite offers many of the same features as ClusterFuzz, such as continuous fuzzing, sanitizer support, corpus management, and coverage report generation. Most importantly, it’s easy to set up and works with closed source projects, making ClusterFuzzLite a convenient option for any developer who wants to fuzz their software.


 


With ClusterFuzzLite, fuzzing is no longer just an idealized "bonus" round of testing for those who have access to it, but a critical must-have step that everyone can use continuously on every software project. By finding and preventing bugs before they enter the codebase we can build a more secure software ecosystem.

To learn more, check out the ClusterFuzzLite documentation. ClusterFuzzLite currently supports GitHub ActionsGoogle Cloud Build and Prow. We built this with CI system extensibility in mind, and adding support for other CI systems is straightforward. Please contact us if you’re interested in contributing support, or have any questions, feedback or feature requests.
Kategorie: Hacking & Security

Congress Mulls Ban on Big Ransom Payouts Unless Victims Get Official Say-So

Threatpost - 11 Listopad, 2021 - 18:54
A bill introduced this week would regulate ransomware response by the country's critical financial sector.
Kategorie: Hacking & Security

Tiny Font Size Fools Email Filters in BEC Phishing

Threatpost - 11 Listopad, 2021 - 15:00
The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials.
Kategorie: Hacking & Security

Jak se dostane virus do PC? Stačí otevřít speciálně upravený Excel dokument

Novinky.cz - bezpečnost - 11 Listopad, 2021 - 14:22
Tabulkový editor Microsoft Excel obsahuje závažnou zranitelnost, kterou mohou snadno zneužít hackeři. Stačí, aby uživateli podstrčili speciálně upravený dokument. Škodlivý kód se do PC dostane jeho pouhým otevřením. Vážná trhlina byla objevena také v Exchange Serveru od Microsoftu, jak upozornil Národní úřad pro kybernetickou bezpečnost (NÚKIB).
Kategorie: Hacking & Security

TrickBot Operators Partner with Shathak Attackers for Conti Ransomware

The Hacker News - 11 Listopad, 2021 - 13:44
The operators of TrickBot trojan are collaborating with the Shathak threat group to distribute their wares, ultimately leading to the deployment of Conti ransomware on infected machines. "The implementation of TrickBot has evolved over the years, with recent versions of TrickBot implementing malware-loading capabilities," Cybereason security analysts Aleksandar Milenkoski and Eli Salem said in a
Kategorie: Hacking & Security

BusyBox flaws highlight need for consistent IoT updates>

LinuxSecurity.com - 11 Listopad, 2021 - 13:00
Security researchers have found and reported 14 vulnerabilities in the BusyBox userspace tool that's used in millions of embedded devices running Linux-based firmware. While the flaws don't have high criticality, some of them do have the potential to result in remote code execution (RCE). These flaws highlight the need for consistent IoT updates.
Kategorie: Hacking & Security

Navigating The Threat Landscape 2021 – From Ransomware to Botnets

The Hacker News - 11 Listopad, 2021 - 10:30
Though we are recovering from the worst pandemic, cyber threats have shown no sign of downshifting, and cybercriminals are still not short of malicious and advanced ways to achieve their goals.  The Global Threat Landscape Report indicates a drastic rise in sophisticated cyberattacks targeting digital infrastructures, organizations, and individuals in 2021. Threats can take different forms with
Kategorie: Hacking & Security

Iran's Lyceum Hackers Target Telecoms, ISPs in Israel, Saudi Arabia, and Africa

The Hacker News - 11 Listopad, 2021 - 09:00
A state-sponsored threat actor allegedly affiliated with Iran has been linked to a series of targeted attacks aimed at internet service providers (ISPs) and telecommunication operators in Israel, Morocco, Tunisia, and Saudi Arabia, as well as a ministry of foreign affairs (MFA) in Africa, new findings reveal. The intrusions, staged by a group tracked as Lyceum, are believed to have occurred
Kategorie: Hacking & Security

Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates

Sophos Naked Security - 10 Listopad, 2021 - 20:45
The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!
Syndikovat obsah