Silensec Newsletter

Facebook still collecting user information without user permission: 1.5 million email accounts this time round

Facebook still collecting user information without user permission: 1.5 million email accounts this time round

Not a week goes without a new Facebook blunder.

Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity?

At the time, it was suspected that Facebook might be using access to users' email accounts to unauthorizedly and secretly gather a copy of their saved contacts.

Now it turns out that the collection of email contacts was true, Facebook finally admits that they "unintentionally" uploaded email contacts of 1.5 million new users on its servers, without their consent or knowledge.

Read more...

CVE-2019-0803 Windows flaw exploited to deliver PowerShell Backdoor

CVE-2019-0803 Windows flaw exploited to deliver PowerShell Backdoor

April 2019 Patch Tuesday security updates addressed a local privilege escalation flaw in Windows operating system, tracked as CVE-2019-0859 that had been exploited by threat actors to deliver a PowerShell backdoor.

The flaw could allow an attacker to escalate privileges on the target system, it exists due to the way the Win32k component handles objects in memory.

Read more...

Backdoor code found in popular Bootstrap-Sass Ruby library

Backdoor code found in popular Bootstrap-Sass Ruby library

Backdoor code was found added in a popular Ruby library used for frontend user interfaces inside Ruby and Ruby on Rails applications. The malicious code was removed via a library update.

The library affected by this incident is Bootstrap-Sass, a Ruby package that provides developers with a Sass-version of Bootstrap, the most popular UI framework for developers today.

Read more...

540 million Facebook user records found on unprotected Amazon servers

540 million Facebook user records found on unprotected Amazon servers

Two companies exposed more than 540 million records containing information on Facebook users and their activities by leaving the data unprotected in Amazon Web Services (AWS) S3 buckets. Researchers identified an unprotected S3 bucket belonging to a Mexico-based digita media publisher named Cultura Colectiva, which publishes content for sharing on social media networks, has nearly 24 million followers on Facebook.

The second exposed AWS bucket was associated with a defunct application called “At the Pool.” This database also stored information on Facebook customers and their interests, but it also included names, email addresses and plaintext passwords for 22,000 users.

Read more...

3.1 million customer records possibly stolen in Toyota hack

3.1 million customer records possibly stolen in Toyota hack

Personal information of some 3.1 million Toyota customers may have been leaked outside the company, the Toyota Motor Corporation (TMC) announced on Friday.

The announcement comes a few weeks after Toyota Australia said they have been "the victim of an attempted cyber attack".

Read more...

Russia blocks encrypted mail service provider ProtonMail

Russia blocks encrypted mail service provider ProtonMail

Russian federal authorities have directed internet service providers across the country to block access to ProtonMail, an encrypted email service provider.

The block order came directly from the Russian Federal Security Service, formerly KGB, and was enforced following accusations that ProtonMail, and a group of other email service providers, facilitated the sending of bomb threats.

Read more...