Silensec Newsletter

Top News

RIP Net Neutrality

The US FCC voted along party lines to repeal landmark 2015 rules.

The net neutrality rulese wre aimed at ensuring a free and open internet, setting up a court fight over a move that could recast the digital landscape.

The approval of FCC Chairman proposal marked a victory for internet service providers like AT&T Inc., Comcast Corp, and Verizon Communications Inc and hands them power over what content consumers can access.

Read more...

Cybersecurity Trends 2018: The costs of connection

After a highly eventful 2017, when an increasing number of cybersecurity incidents grabbed headlines in the mainstream media and will no doubt generate further vibrant discussions about the threat landscape in 2018:

1. Expansion of cyberthreats and cyberattacks
2. Ransomware will remain in great demand among cybercriminals,
3. Attacks aimed at critical infrastructure are set to continue to generate headlines,
4. Electronic voting systems are grappling with vulnerabilities of their own

Ultimately, 2018 brings further successful investigations that will continue to lend a hand to authorities to ultimately make the internet a safer place for everyone - except cybercriminals.

Read more...

Read more...

Top News

Phishers are upping their game. So should you

Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate.

According to stats released this week by anti-phishing firm PhishLabs, nearly 25 percent of all phishing sites in the third quarter of this year were hosted on HTTPS domains — almost double the percentage seen in the previous quarter.

“A year ago, less than three percent of phish were hosted on websites using SSL certificates,” wrote Crane Hassold, the company’s threat intelligence manager. “Two years ago, this figure was less than one percent.”

Hassold posits that more phishers are moving to HTTPS because it helps increase the likelihood that users will trust that the site is legitimate. After all, your average Internet user has been taught for years to simply “look for the lock icon” in the browser address bar as assurance that a site is safe.

Read more...

Major banking applications were found vulnerable to MiTM attacks over SSL

A group of security researchers has discovered a critical vulnerability in major mobile banking applications that left banking credentials vulnerable to hackers.

An attacker could intercept SSL connection and retrieve the user'€™s banking credentials even if the apps are using SSL pinning feature, which provides an additional level of protection against man-in-the-middle attacks, the certificate pinning is implemented to avoid detection of security solutions that use their own certificates to inspect the traffic.

Read more...

Read more...

Top News

.GIF garage Imgur plugs 1.7M subscriber creds breach

The world's self-described "most awesome" collection of images, Imgur, has confessed to leaking 1.7M user records in 2014.

Imgur's chief operating officer posted a confirmation of the breach saying that users' registered email addresses and hashed passwords were leaked, but no personally-identifying information was compromised.

The only risk to passwords is that until 2016 Imgur used the SHA-256 algorithm to encrypt passwords, which is susceptible to brute-force attacks.

Read more...

A new Mirai variant is rapidly spreading, 100k+ IPs running the scans in the past 60 hours

Researchers noticed big upticks on port 2323 and 23 scan traffic, with almost 100k unique scanner IP came from Argentina.

According the researcher, a publication of the proof-of-concept (PoC) exploit code in a public vulnerabilities database is the root cause of the increase of activity associated with the Mirai botnet, the experts observed scans using it.

After investigation, the researchers are convinced that this is a new mirai variant.

Read more...

Read more...

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed