Silensec Newsletter

DoorDash announces data breach affecting 4.9 million people

DoorDash announces data breach affecting 4.9 million people

DoorDash announced in a blog post that an "unauthorized third party" had accessed user data of approximately 4.9 million "consumers, Dashers, and merchants."

DoorDash said names, email addresses, delivery addresses, order histories, phone numbers, and hashed, salted passwords all “could” have been accessed.

However, it’s not clear what, if anything, might have been done with the data by the third party.

Read more...

Massive wave of account hijacks hits YouTube creators

Massive wave of account hijacks hits YouTube creatorsy

A massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community.

Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already.

The list includes channels such as Built [Instagram post, YouTube channel] among others.

Read more...

Simjacker Exploits S@T Browser to Affect a Billion Users

Simjacker Exploits S@T Browser to Affect a Billion Users

Platform agnostic attack, Simjacker allows hackers to remotely exploit the victims' phone by sending a SMS which contains a malicious code; the code gives instructions to the universal integrated circuit card (UICC)/ SIM card placed inside the targeted device to retrieve and carry out sensitive commands.

The attack is set into motion as soon as the 'attack SMS' sent via another remote handset, is received by the targeted device. The process involves a series of SIM Toolkit (STK) directions particularly configured to be sent on to the SIM Card inside the victim's device.

Read more...

The Central Bank of Russia will fine banks for weak cyber defense

The Central Bank of Russia will fine banks for weak cyber defense

On September 12, 2019, it became known that the Central Bank has a new punishment for banks for poor cyber defense. The Central Bank launched a new feature for credit institutions, it will be the risk profile on the level of information security.

The risk profile will be formed on the basis of four characteristics, including the share of unauthorised card transactions and the bank's readiness to repel an attack.

Read more...

Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked

Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked

Twitter decided to temporarily disable a feature, called 'Tweeting via SMS,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey and sent a series of racist and offensive tweets to Dorsey's followers.

Dorsey's Twitter account was compromised last week when a hacker group calling itself "Chuckling Squad" replicated a mobile phone number associated with the CEO account and abused this particular feature to post racist, offensive messages and bomb threats from it via SMS.

Read more...

Oklahoma pension fund reports $4.2 million cyber theft

Oklahoma pension fund reports $4.2 million cyber theft

The FBI is investigating after computer hackers managed to steal about $4.2 million in funds from a pension system for retired Oklahoma Highway Patrol troopers and other state law enforcement officers, state officials said Friday.

A notice posted on the Oklahoma Law Enforcement Retirement System website said the agency notified the FBI and couldn't comment further on details of the breach.

Read more...