Silensec Newsletter

Top News

Script kiddies, criminals hacking video streams for fun & profit

Video streams are being hijacked in vast quantities and the biggest reason for the intrusion is fun. According to Trend Micro, most camera hacking is being done by "script kiddies" who are in it for fun and peer-group prestige.

The report states that information on exposed cameras or cameras with known passwords is widely shared on the 'Fun' sections of underground forums or in dedicated prank groups in certain social networks.

Android P to stop apps from monitoring network activity

Android apps may not be able to detect when other apps on our devices are connecting to the internet. It's about time Google patched this nasty privacy flaw. Any app can monitor network activity without the user's knowledge to see when the device connects with a competing app, or perhaps worse.

Developers first noticed the new changes in Android's SELinux rules for apps targeting API level 28 running on Android P. The SELinux changes only enable designated VPN apps to access some networking information, according to the code.

Change Your Twitter Password Now! Bug exposes passwords in plaintext

Twitter has advised all its 330 million users to change their passwords after a software 'glitch' unintentionally exposed its users' passwords by storing them in readable text on its internal computer system.

The social media network disclosed the issue in an official blog post and a series of tweets from Twitter Support.

Twitter has admitted that user passwords were briefly stored in plaintext and may have been exposed to the company's internal tools.

Fancy Bear abuses LoJack security software in targeted attacks

LoJack, a software tool designed to rat on computer thieves, appears to be serving a double purpose, seemingly working with a Russian state-sponsored hacking team.

The application allows administrators to remotely lock and locate, and remove files from, stolen personal computers. It's primarily aimed at corporate IT types who want to protect stuff that gets nicked, but anyone can use it.

Just recently, several LoJack agents were found to be unexpectedly connecting to servers that are believed to be controlled by the notorious Russia-linked Fancy Bear APT group.

Mozilla Adding New CSRF Protection to Firefox

Mozilla announced this week that the upcoming Firefox 60 will introduce support for the same-site cookie attribute in an effort to protect users against cross-site request forgery (CSRF) attacks.

CSRF attacks allow malicious actors to perform unauthorized activities on a website on behalf of authenticated users by getting them to visit a specially crafted webpage.

Mozilla has pointed out that the current web architecture does not allow websites to reliably determine if a request has been initiated legitimately by the user or if it comes from a 3rd-party script.

Yahoo fined $35m for covering up massive IT security screw-up!

Yahoo has been fined $35M by US financial watchdog, the SEC, for failing to tell anyone about one of the world's largest ever computer security breaches.

Now known as Altaba following its long, slow and painful descent into irrelevance, Yahoo! knew that its entire user database, including billions of usernames, email addresses, phone numbers, birthdates, passwords and security questions, had been grabbed by Russian hackers back in 2014, just days after the break-in occurred.
