Blog News Security Blog -  

Úvod  APT blog  Attack blog  BigBrother blog  BotNet blog  Bug blog  Cyber blog  Cryptocurrency blog  Exploit blog  Hacking blog  Hardware blog  ICS blog  Incident blog  IoT blog  Malware blog  OS Blog  Phishing blog  Ransomware blog  Safety blog  Security blog  Social blog  Spam blog  Vulnerebility blog


 


Datum

Název

Info

Blog

Companies

17.3.19

Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in February 2019

Security researchers at F5 Networks constantly monitor web traffic at various locations throughout the world. This allows us to detect current “in the wild” malware, and to get an insight into a threat actor’s attack pattern. So, what did we see in February 2019?

Security blog

F5 Labs

17.3.19

Intentionally Insecure: Poor Security Practices in the Cloud

I’m writing this on the last day of February 2019. So far this year, there have been five documented cases of organizations exposing their private data due to misconfigured S3 buckets or cloud databases.

Security blog

F5 Labs

17.3.19

Breaking the Bank: Weakness in Financial AI Applications

Currently, threat actors possess limited access to the technology required to conduct disruptive operations against financial artificial intelligence (AI) systems and the risk of this targeting type remains low. However, there is a high risk of threat actors leveraging AI as part of disinformation campaigns to cause financial panic

Security blog

FireEye

8.3.19

RSA conference, USA 2019: Keynotes and key words A bright tomorrow of technical delight, or a dismal future of digital dysfunction? Security blog

Eset

8.3.19

RSA 2019: Protecting your privacy in a NIST and GDPR world Protecting your privacy is no longer just an option but a legal requirement in many parts of the world Security blog

Eset

8.3.19

Teen earns US$1 million in bug bounties A ‘white hat’ from Argentina has come a long way since winning his first reward of US$50 in 2016 Security blog

Eset

7.2.19

The Curious Case of Convexity Confusion

Some time ago, I noticed a tweet about an externally reported vulnerability in Skia graphics library (used by Chrome, Firefox and Android, among others). The vulnerability caught my attention for several reasons: Firstly, I looked at Skia before within the context of finding precision issues, and any bugs in the code I already looked at instantly evoke the “What did I miss?” question in my head.

Security blog

Project Zero

30.1.19

Hear me out! Thousands tell UK taxman to wipe their voice IDs Even so, the database has grown to seven million voiceprints amid a controversy that puts the spotlight on the privacy implications of the collection of biometric informationSecurity blogEset

28.1.19

Dynamic Data Resolver (DDR) - IDA Plugin

Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. But, if you try to perform dynamic analysis by debugging a piece of malware, the malware will often detect it and start behaving differently. Cisco Talos is here with Dynamic Data Resolver (DDR) a new plugin for IDA that aims to make the reverse-engineering of malware easier.

Security blog

Cisco Talos

28.1.19

Why we want users' feedback on Snort rule documentation

When Snort alerts the end user, the rule documentation is their first and possibly only avenue to find information on malicious traffic in their network. We know this can be better, and we want your help in determining what we can do to make Snort users more knowledgable and provide them more information.

Security blog

Cisco Talos

28.1.19 Browser push notifications: a feature asking to be abused Whoever invented browser push notifications must have been able to guess they would be abused for advertising. This post explains what they are and how to disable them.Security blogMalwarebytes
28.1.19 Email security does not end with your password A strong password is a great start, but there are more ways to make sure that your email is as secure as possibleSecurity blogEset

22.1.19

Digging Up the Past: Windows Registry Forensics Revisited

Learn about using Windows registry data when performing forensic analysis of computer networks.

Security blog

FireEye

9.1.19 CES – singularity and securing the car What's in store for automotive security once cars morph into mobile living rooms and working spaces? And how about transportation at large?Security blogEset
9.1.19 What is threat cumulativity and what does it mean for digital security? A reflection on how acknowledging the cumulative nature of cyber-threats and understanding its implications can benefit our digital securitySecurity blogEset
1.1.19 What should you do with your old devices Disposal of old tech requires thought and effort and the need to cleanse the device of any personal data is just one of the concernsSecurity blogEset
21.12.18 SPARE: Five tips for a safer online shopping experience There is still some time left to pick up some last-minute shopping before it’s too late but in the rush to do so don’t forget to do it safely Security blogEset
21.12.18 Spaceballs Security: The Top Attacked Usernames and Passwords What attackers spend their time and energy on attacking, and how they attack it, is the best indication of what works for them. Outside of targeted attacks for specific espionage, hacktivism, or warfare purposes, cybercrime is a volume game. Security blogF5 Labs
18.12.18

The most popular passwords of 2018 revealed: Are yours on the list?

Besides the usual suspects among the worst of passwords, a handful of notable – but similarly poor – choices make their debuts

Security blogEset
12.12.18 Data scraping treasure trove found in the wild We bring word of yet more data exposure, in the form of “nonsensitive” data scraping to the tune of 66m records across 3 large databases. The information was apparently scraped from various sources and left to gather dust, for anyone lucky enough to stumble upon it. Security blogMalwarebytes
5.12.18 An introduction to offensive capabilities of Active Directory on UNIX In preparation for our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises' Active Directory forests. Security blogCisco Talos
30.11.18 Cyber Security Predictions: 2019 and Beyond As you think about how to deploy in advance of a new year of cyber threats, here are the trends and activities most likely to affect your organization Security blogSymantec
30.11.18 Digital Takeaways From the Supreme Court Fight It’s always interesting to watch how the ongoing digital transformation of our lives is changing the world in ways we never would have anticipated years ago. Financial information, social interactions, even our physical locations may be up for grabs in cyberspace, with real-world ramifications. Security blogF5 Labs
30.11.18 Reviewing Recent API Security Incidents In the 18 Application Protection Report, we mentioned the potential vulnerabilities associated with application programming interfaces (APIs). These APIs specify how various application components and clients should autonomously interact with each other to deliver the application experience. Security blogF5 Labs
30.11.18 Don’t Accept Risk With a Pocket Veto We who live risk management know there are four responses when confronted with a credible risk to our organizations. We can treat the risk to reduce it. We can avoid the risk by altering our organization’s behavior. Security blogF5 Labs
30.11.18 Obfuscated Command Line Detection Using Machine Learning This blog post presents a machine learning approach to detecting obfuscated Windows command line invocations on endpoints. Security blogFireEye
30.10.18 Symantec’s Latest Intelligence Page: Your Weather Report for the Threat Landscape We've revamped the Latest Intelligence page with new metrics and a new look. Security blogSymantec
25.10.18 18 Flare-On Challenge Solutions The fifth annual Flare-On Challenge is over, with 114 finishers out of 4,893 registrants. Security blogFireEye

30.7.18

SiliVaccine: Inside North Korea’s Anti-Virus By: Mark Lechtik and Michael Kajiloti Revealed: In an exclusive piece of research, Check Point Researchers have carried out a revealing investigation into North Korea’s home-grown anti-virus software, SiliVaccine. One of several interesting. Security blog

Checkpoint

30.7.18 Check Point’s 18 Security Report 2017 was a pivotal year that surprised many in the IT security industry. From the resurgence of destructive ransomware, IoT botnets, data breaches and mobile malware to full scale nation state attacks, it is Security blog

Checkpoint

30.7.18

Tribute to Kris Kaspersky Just over a year ago one of the greatest minds in the cyber research world sadly passed away. Born in the small Russian village of Uspenskoye, Kris Kaspersky, originally named Nikolay Likhachev, suffered. Security blogCheckpoint
30.7.18 Check Point Mobile Research Team Looks Back On 2017 The mobile world is extremely dynamic and changes rapidly, so it’s always a little hectic to follow its lead. For this reason, we try to stop every once in a while and take. Security blogCheckpoint