Silensec Newsletter

Top News

There will not be a Windows 11

​It sounds like ‪‎Windows 10‬ will be ‪Microsoft‬’s last complete release, instead opting for updates to dix/add/test new features. Read more... 

 

 

 

 

 

 

Women‬ In ‪Security‬ Speak Out On Why There Are Still So Few Of Them

​They are now CISOs, security officials in DHS and the NSA, researchers, and key players in security -- but women remain a mere 10% of the industry population. Read more...

 

 

Major Hacks of the Week

Jamie Oliver’s website hacked again, drops password stealer

The ‪website‬ of popular British Chef Jamie Oliver is still having issues and potentially infecting visitors looking for a recipe or other material on JamieOliver.com. Browsing any page will trigger a malicious redirection chain to, a ‪password‬ ‪stealer‬ , the Fiesta exploit kit. Read more...

Kaspersky Uncovers Naikon Hackers Targeting Asia-Pacific Nations

The Naikon hacker group is exploiting government, civil and military organizations in the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Thailand, Laos, China and Nepal, according to a new report from security firm Kaspersky Lab. The Naikon hackers, active for the last five years, have a repertoire of 48 backdoor commands in their toolset to exploit victims. The name Naikon is a reference to a name that is found in the code the hacker group uses. Read more...

Major Vulnerabilities Disclosed

Flawed encryption leaves millions of smart grid devices at risk of cyberattacks

Millions of smart meters, thermostats, and other internet-connected devices are at risk of cyberattacks because they come with easily crackable encryption, a study has warned. Researchers, Philipp Jovanovic and Samuel Neves,  found that the "weak cryptography" used in the Open Smart Grid Protocol (OSGP), can easily be cracked through a series of relatively simple attacks. In one case, the researchers said they could "completely" defeat a device's cryptography. Read more...

Hacker 3D prints device that can crack a combo lock in 30 seconds

A California hacker who has become an expert in cracking locks has invented a 3D-printed machine that can crack a rotary combination lock in around 30 seconds – and he's released the plans, 3D models, and code as open source. Read more...

Legal, Regulatory and Corporate

‘Big Win’ for Big Brother: NSA Celebrates the Bill That’s Designed to Cuff Them

Civil libertarians and privacy advocates were applauding yesterday after the House of Representatives overwhelmingly passed legislation to stop the National Security Agency from collecting Americans’ phone records. But they’d best not break out the bubbly. The really big winner here is the NSA. Over at its headquarters in Ft. Meade, Md., intelligence officials are high-fiving, because they know things could have turned out much worse. Read more...

How Google Decides If You Have the "Right To Be Forgotten"

At a data-privacy conference in Berlin, Google’s global privacy counsel Peter Fleischer explained how the decision-making process over right to be forgotten requests plays out at Google, reports Wall Street Journal. As you might expect, it’s often a multi-stage process. Requests are submitted inline via a web form and sent directly to “a large team of lawyers, paralegals and engineers” in Google’s Dublin offices who “decide the easy cases.” Most of these simple ones— “the little shoplifting thing, the little this or that,” as Fleischer puts it— are just taken straight down. Read more...

Security and Beyond

Organizations lack control over mobile workspaces

More than 64 percent of respondents to a SANS survey said a majority of their mobile workforce can access their organizations’ secure data remotely, yet less than 25 percent said sufficient policies/controls are in place for mobile media. An additional 25 percent admitted to having no controls (no policy or technical controls enforced by centralized management) in place. The unmanaged personal computers, laptops, smartphones and tablets that make up almost one-third of the mobile BYOD used to access corporate data, combined with lack of controls, leave organizations vulnerable to data exposure. Read more...

Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research

The recent example of a software vendor leveraging laws like the Digital Millennium Copyright Act (DMCA) to intimidate a security researcher is counterproductive. The researcher and team at the security consulting firm IOActive took a risk by attempting to report security flaws in a digital lock, and the company that makes the lock didn't exactly welcome the news. Read more...

Security Awareness Tip

How safe is that email?

While most people may know not to open email attachments, many don't realize that dangers can lie in the body of an email too. HTML mail or mails that contain embedded photos are just as dangerous. Embedded images and PDFs can contain malicious code that is harmful.  So be sure not to open any unsolicited/suspicious mail.

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Associate Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelors of Arts Degree from the University of Nairobi in Kenya. He publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.


Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and  feed-image Feed.

For any questions please click on the following contact us link

Top News

The London Railway System Passwords Exposed During TV Documentary

The Weakest Link In the Information Security Chain is still – Humans. And this news has ability to prove this fact Right as one of London's busiest railway stations has unwittingly exposed their system credentials during a BBC documentary. The sensitive credentials printed and attached to the top of a station controller's monitor were aired. Read more...



72% of companies are not prepared for a data breach!

EiQ Networks conducted a survey on information security priorities and challenges. Based on responses from 168 IT decision makers across industries, results point to lack of confidence in their security technologies and lack of the people, processes to implement it. 72% of respondents stated that their IT infrastructure is "not well protected" and is vulnerable to APTs. Read more... 

 

 

Read more...
Top News

The Great Cannon is China's powerful new hacking weapon 

The relentless days-long cyberattack on GitHub showed that someone was willing to use hundreds of thousands of innocent internet users to try to take down two single pages set up by an organization fighting Chinese censorship.A group of cybersleuths has discovered that someone is indeed China, as everyone suspected. More importantly, they’ve also learned that the attack was carried out with a powerful new cyberweapon, whose existence was previously unknown. Researchers at the ​Citizen Lab—a digital watchdog at the University of Toronto's Munk School of Global Affairs—are calling it the “Great Cannon.” It’s a tool essentially capable of monitoring internet traffic and targeting anyone its operators decide to hit, sending back malware or spyware, or using the target to flood another site with traffic. Read more...

 

 

 

Chinees mobile app used for hiring thugs to beat up people!

A satirical Chinese video about a mobile app that lets you hire thugs to beat up bullies has been turned into reality. According to Want China Times, the app has recently been removed from Chinese app stores because people were using it to arrange real-life beatings by real-life hitmen for hire. Read more...

 

 

Major Hacks of the Week

Magento Flaw Exploited in the Wild a few hours after disclosure

According to the security experts at Sucuri firm, within 24 hours after the disclosure of the vulnerability in Magento platform, bad actors are already attempting to hack e-commerce websites using it. The experts traced back the attacks to a couple of Russian IP addresses (62.76.177.179 and 185.22.232.218). Read more... 

How attackers exploit end-users' psychology

At RSA Conference 2015, Proofpoint released the results of its annual study that details the ways attackers exploit end-users' psychology to circumvent IT security. Read more...

Major Vulnerabilities Disclosed

Patching Windows HTTP vulnerability should be prioritized

A newly patched vulnerability in Windows has set alarm bells ringing because it can be used to remotely execute code on unpatched computers. Unsuccessful attempts may result in a blue screen of death (BSoD) condition, which could be used as a means to perform denial-of-service (DoS) attacks against computers running Microsoft Internet Information Services (IIS) servers. This vulnerability affects Windows 8.1, Windows 8, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, and Windows 7. If left unpatched, the vulnerability could enable remote code execution if an attacker sends a specially crafted HTTP request to a Windows computer. Read more...

Ransomware: Return of the mac(ro)

Ransomware attackers have resorted to reviving a very old attack vector, the malicious Word macro. Although they enjoyed their heyday more than a decade ago, Word macro attacks picked up in recent months before a major surge last week. One such ransomware campaign was discovered last week and targeted victims in France with emails that purport to come from the French Ministry for Justice. The emails informed the victim that a court judgment had been made against them, authorizing the seizure of property in lieu of money they owed. The fake judgment comes in an attached Microsoft Word document. The document contains a macro which, if allowed to run, will install several pieces of malware on the victim’s computer, including the Cryptodefense variant of ransomware (Trojan.Cryptodefense). Read more...

Legal, Regulatory and Corporate

Huawei CEO says Chinese cybersecurity rules could backfire

China can only ensure its information security in the long run if it keeps its market open to the best technology products, be they foreign or domestic, Huawei's rotating chief executive Eric Xu told Reuters on Tuesday.Xu's remarks are a rare example of a top Chinese CEO openly questioning the direction of Beijing's information security policy, already a source of concern for countries who fear it will limit opportunities for their technology firms. Read more...

Blackberry wants to lock down security for the Internet of Things

The Canadian company has plans to make that work in its favor with an encryption certificate based on subsidiary Certicom's elliptic-curved cryptography, this could secure numerous devices ranging from connected car systems to smart meters -- ease of security and authentication are the name of the game here. Read more... 

Security and Beyond

Export Google Search History

"You can download all of your saved search history to see a list of the terms you've searched for. This gives you access to your data when and where you want," informs Google. "When you download your past searches, a copy of your history will be saved securely to the Takeout folder in Google Drive. You can download the files to your computer if you want a copy on your computer." Google will send you an email when your archive is ready to download. Read more...

The Delicate Art of Remote Checks – A Glance Into MS15-034

By definition a remote check is a piece of code that allows the user to discern a vulnerability by actually exercising the code in a patch.  These types of checks became popular during the era of worms, as a way to reliably determine exploitability in circumstances where a server’s banner was not enough information to discern a patched status.  The exact process is somewhat difficult to capture as years of patch analysis at eEye (acquired by BeyondTrust in 2012) provides some measure of intuition. Read more...

Security Awareness Tip

2 step verification

You should to take advantage of 2 step authentication on google and facebook where a one time key is sent as an SMS everytime one wants to login.

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Associate Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelors of Arts Degree from the University of Nairobi in Kenya. He publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.


Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and  feed-image Feed.

For any questions please click on the following contact us link

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed