Silensec Newsletter

Top News

Change Your Twitter Password Now! Bug exposes passwords in plaintext

Twitter has advised all its 330 million users to change their passwords after a software 'glitch' unintentionally exposed its users' passwords by storing them in readable text on its internal computer system.

The social media network disclosed the issue in an official blog post and a series of tweets from Twitter Support.

Twitter has admitted that user passwords were briefly stored in plaintext and may have been exposed to the company's internal tools.


Fancy Bear abuses LoJack security software in targeted attacks

LoJack, a software tool designed to rat on computer thieves, appears to be serving a double purpose - seemingly working with a Russian state-sponsored hacking team.

The application allows administrators to remotely lock and locate, and remove files from, stolen personal computers. It's primarily aimed at corporate IT types who want to protect stuff that gets nicked, but anyone can use it.

Just recently, several LoJack agents were found to be unexpectedly connecting to servers that are believed to be controlled by the notorious Russia-linked Fancy Bear APT group.


Mozilla Adding New CSRF Protection to Firefox

Mozilla announced this week that the upcoming Firefox 60 will introduce support for the same-site cookie attribute in an effort to protect users against cross-site request forgery (CSRF) attacks.

CSRF attacks allow malicious actors to perform unauthorized activities on a website on behalf of authenticated users by getting them to visit a specially crafted webpage.

Mozilla has pointed out that the current web architecture does not allow websites to reliably determine if a request has been initiated legitimately by the user or if it comes from a 3rd-party script.


Yahoo fined $35m for covering up massive IT security screw-up!

Yahoo has been fined $35M by US financial watchdog, the SEC, for failing to tell anyone about one of the world's largest ever computer security breaches.

Now known as Altaba following its long, slow and painful descent into irrelevance, Yahoo! knew that its entire user database (including billions of usernames, email addresses, phone numbers, birthdates, passwords, security questions) had been grabbed by Russian hackers back in 2014, just days after the break-in occurred.


LinkedIn bug allowed data to be stolen from user profiles

A bug in how LinkedIn autofills data on other websites could have allowed an attacker to silently steal user profile data.

The flaw was found in LinkedIn's widely used AutoFill plugin, which allows approved 3rd-party websites to let LinkedIn members automatically fill in basic information from their profile - such as their name, email address, location, and where they work - as a quick way to sign up to the site or to receive email newsletters.


iPhones, iPads Can Be Hacked via 'Trustjacking' Attack

A feature that allows users to wirelessly sync their iPhones and iPads with iTunes can be abused by hackers to take control of iOS devices in what researchers call a "Trustjacking" attack.

This feature can be enabled by physically connecting an iOS device to a computer with iTunes and enabling the option to sync over WiFi.

If an attacker gets the targeted user to connect their iPhone/iPad via a cable to a malicious or compromised device, the hacker gains persistent control over the device as long as they are on the same wireless network as the victim.
