Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, and Linux and BSD systems. It runs many interesting services and supports its followers in interesting projects.

Purveyor of Cracked Netflix, Hulu, Spotify Accounts Arrested

Threatpost - 13 March, 2019 - 20:44
A Sydney man is accused of selling nearly 1 million compromised accounts, for a significant profit.
Category: Hacking & Security

Intel Windows 10 Graphics Drivers Riddled With Flaws

Threatpost - 13 March, 2019 - 19:29
Intel has patched several high-severity vulnerabilities in its graphics drivers for Windows 10, which could lead to code execution.
Category: Hacking & Security

MAGA ‘Safe Space’ App Developer Threatens Security Researcher

Threatpost - 13 March, 2019 - 16:58
The mobile app, dubbed a "Yelp for Conservatives," was found with an open API leaking reams of user data.
Category: Hacking & Security

Three Ways DNS is Weaponized and How to Mitigate the Risk

Threatpost - 13 March, 2019 - 16:23
Why are hackers using the DNS infrastructure against us? The answer is more complex than you might think.
Category: Hacking & Security

Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw

Threatpost - 13 March, 2019 - 15:15
Newly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat.
Category: Hacking & Security

AWS Certification Training Courses – Get 2019 Bundle @ 96% OFF

The Hacker News - 13 March, 2019 - 15:11
With countless web apps and online services launching every day, there is an increasing demand for cloud developers. This exciting niche is due to grow rapidly over the next few years, and the paycheck should follow suit. If you want to build a career in this lucrative niche, it pays to know AWS (Amazon Web Services). With the AWS Certified Architect Developer Bundle 2019,
Category: Hacking & Security

“FINAL WARNING” email – have they really hacked your webcam?

Sophos Naked Security - 13 March, 2019 - 14:19
In the last 24 hours, SophosLabs received 1,700 samples of just one new sextortion campaign. Good news? It's all a pack of lies. Don't reply. Don't engage.

Chrome will soon block drive-by-download malvertising

Sophos Naked Security - 13 March, 2019 - 14:17
A new Chrome feature hopes to choke off one of the most malicious forms of malware infection: drive-by advertising downloads.

Assessing Your Organization’s Cybersecurity Practices with Homeland Security’s Cyber Resilience Review

InfoSec Institute Resources - 13 March, 2019 - 14:05

Every time a new high-profile data breach makes the news, it’s another reminder to organizations about the need to be vigilant. With the estimated cost per lost or stolen record at $148 (according to an IBM/Ponemon study), the numbers can add up fast. For small businesses, the losses could hit hard too — Kaspersky estimates […]

The post Assessing Your Organization’s Cybersecurity Practices with Homeland Security’s Cyber Resilience Review appeared first on Infosec Resources.

Assessing Your Organization’s Cybersecurity Practices with Homeland Security’s Cyber Resilience Review was first posted on March 13, 2019 at 8:05 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

Top 10 Penetration Testing Certifications for Security Professionals [Updated 2019]

InfoSec Institute Resources - 13 March, 2019 - 14:02

As more organizations turn to penetration testing for identifying gaps in their defense systems, the demand for skilled penetration testers has been growing. While other types of security practitioners can probe information systems and networks for their vulnerabilities, pentesters are highly specialized, trained to think like hackers when exploiting security weaknesses. According to the TechRepublic, […]

The post Top 10 Penetration Testing Certifications for Security Professionals [Updated 2019] appeared first on Infosec Resources.

Top 10 Penetration Testing Certifications for Security Professionals [Updated 2019] was first posted on March 13, 2019 at 8:02 am.
Category: Hacking & Security

Update now! WordPress abandoned cart plugin under attack

Sophos Naked Security - 13 March, 2019 - 13:44
Hackers have been spotted targeting websites running unpatched versions of the WordPress plugin Abandoned Cart for WooCommerce.

Windows 10 will no longer crash after an update. Patch installation will be safer

Zive.cz - security - 13 March, 2019 - 13:31
Key Windows 10 updates will once again be a bit safer, as Microsoft is working on a system that can cope if they fail. At least, that is apparent from a new entry on the help site, which was uncovered by the Windows Latest site. If Windows installs, say, new graphics card drivers, it will request ...
Category: Hacking & Security

Misconfigured Box accounts leak terabytes of companies’ sensitive data

Sophos Naked Security - 13 March, 2019 - 13:29
Easily guessable URLs led to what should have been big companies' very private data. Even Box itself was found to be exposing folders.

Microsoft Releases Patches for 64 Flaws — Two Under Active Attack

The Hacker News - 13 March, 2019 - 12:01
It's time for another batch of "Patch Tuesday" updates from Microsoft. Microsoft today released its March 2019 software updates to address a total of 64 CVE-listed security vulnerabilities in its Windows operating systems and other products, 17 of which are rated critical, 45 important, one moderate and one low in severity. The update addresses flaws in Windows, Internet Explorer, Edge, MS
Category: Hacking & Security

New bill would give parents an ‘Eraser Button’ to delete kids’ data

Sophos Naked Security - 13 March, 2019 - 11:49
The COPPA overhaul would ban targeting ads at kids under 13 and ad targeting based on race, socioeconomics or geolocation on kids under 15.

The fourth horseman: CVE-2019-0797 vulnerability

Kaspersky Securelist - 13 March, 2019 - 11:00

In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. We reported it to Microsoft on February 22, 2019. The company confirmed the vulnerability and assigned it CVE-2019-0797. Microsoft have just released a patch, crediting Kaspersky Lab researchers Vasiliy Berdnikov and Boris Larin with the discovery:

This is the fourth consecutive exploited Local Privilege Escalation vulnerability in Windows we have discovered recently using our technologies. Just like with CVE-2018-8589, we believe this exploit is used by several threat actors including, but possibly not limited to, FruityArmor and SandCat. While FruityArmor is known to have used zero-days before, SandCat is a new APT we discovered only recently. In addition to CVE-2019-0797 and CHAINSHOT, SandCat also uses the FinFisher/FinSpy framework.

Kaspersky Lab products detected this exploit proactively through the following technologies:

  1. Behavioral detection engine and Automatic Exploit Prevention for endpoint products;
  2. Advanced Sandboxing and Anti Malware engine for Kaspersky Anti Targeted Attack Platform (KATA).

Kaspersky Lab verdicts for the artifacts used in this and related attacks are:

  • HEUR:Exploit.Win32.Generic
  • HEUR:Trojan.Win32.Generic
  • PDM:Exploit.Win32.Generic

Brief technical details – CVE-2019-0797

CVE-2019-0797 is a race condition that is present in the win32k driver due to a lack of proper synchronization between the undocumented syscalls NtDCompositionDiscardFrame and NtDCompositionDestroyConnection. The vulnerable code can be seen in the screenshots below, made on an up-to-date system during initial analysis:

Snippet of NtDCompositionDiscardFrame syscall (Windows 8.1)

This screenshot shows the simplified logic of the NtDCompositionDiscardFrame syscall: the code acquires a lock related to frame operations in the structure DirectComposition::CConnection, tries to find the frame that corresponds to a given id, and eventually calls free on it. The problem with this can be seen in the second screenshot:

Snippet of NtDCompositionDestroyConnection syscall inner function (Windows 8.1)

This screenshot shows the simplified logic around the function DiscardAllCompositionFrames, which is called from within the NtDCompositionDestroyConnection syscall: the code does not acquire the necessary lock and calls DiscardAllCompositionFrames, which releases all allocated frames. The problem is that when the syscalls NtDCompositionDiscardFrame and NtDCompositionDestroyConnection are executed simultaneously, DiscardAllCompositionFrames may run at a time when the NtDCompositionDiscardFrame syscall is already looking for a frame to release or has already found it. This condition leads to a use-after-free scenario.

Interestingly, this is the third race condition zero-day exploit used by the same group in addition to CVE-2018-8589 and CVE-2018-8611.

Stop execution if module file name contains substring “chrome.exe”

The exploit found in the wild targeted 64-bit operating systems in the range from Windows 8 to Windows 10 build 15063. The exploitation process for all those operating systems does not differ greatly and is performed using heap spraying palettes and accelerator tables with the use of GdiSharedHandleTable and gSharedInfo to leak their kernel addresses. In exploitation of Windows 10 build 14393 and higher, windows are used instead of palettes. In addition, the exploit checks whether it is running from Google Chrome and stops execution if it is, because vulnerability CVE-2019-0797 can’t be exploited within a sandbox.

Vulnerability in Swiss e-voting system could have led to vote alterations

LinuxSecurity.com - 13 March, 2019 - 10:23
Two separate teams of security researchers and academics from universities in Australia and Switzerland have revealed today vulnerabilities in the e-voting system that the Swiss voting commission plans to roll out for future elections.
Category: Hacking & Security

Cybercriminals Think Small to Earn Big

LinuxSecurity.com - 13 March, 2019 - 10:14
There were 12,449 new, authentic breaches and leaks in 2018, an increase of 424% from the year prior. But the average breach size was 216,884 records, 4.7 times smaller than in 2017.
Category: Hacking & Security

Firefox Send — Free Encrypted File Transfer Service Now Available For All

The Hacker News - 13 March, 2019 - 09:40
Mozilla has made it easy for you to share large files securely and privately with whomever you want, eliminating the need to depend upon less secure free third-party services or file upload tools that burn a hole in your pocket. Mozilla has finally launched its free, end-to-end encrypted file-transfer service, called Firefox Send, to the public, allowing users to securely share large files like
Category: Hacking & Security

Sounds of laboratory instruments can give away closely guarded secrets

Zive.cz - security - 13 March, 2019 - 08:00
** The sounds accompanying the operation of laboratory equipment reveal more than we could have imagined ** American scientists have verified that a lot can be extracted from seemingly meaningless laboratory noise ** For example, the strictly secret structure of synthesized DNA
Category: Hacking & Security