Silensec Newsletter

Cisco addresses flaws in HyperFlex and Prime Infrastructure

Cisco addresses flaws in HyperFlex and Prime Infrastructure

Cisco released security patches that address more than a dozen issues in its products, including high severity vulnerabilities affecting HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Security updates fix two High risk security flaws in HyperFlex software.

The first one is a command injection vulnerability (CVE-2018-15380) in the cluster service manager of the application caused by insufficient input validation, it could be exploited by an attacker to run commands as the root user.

Read more...

Researcher earns $10,000 for another XSS flaw in Yahoo mail

Researcher earns $10,000 for another XSS flaw in Yahoo mail

A researcher says he has discovered yet another critical cross-site scripting XSS vulnerability in Yahoo Mail. The recently patched flaw could have been exploited to steal the targeted user’s emails and attach malicious code to their outgoing messages.

A malicious actor could have exploited the security hole to silently forward the victim’s emails to an external website, change the compromised Yahoo account’s settings, and create an email virus that would attach itself to the signature of all outgoing emails.

The bug existed due to failure to properly filter potentially malicious code in HTML emails.

Read more...

Cyber Attack on Malta's Bank of Valletta

Cyber Attack on Malta's Bank of Valletta

The Bank of Valletta, in which the government is the largest shareholder, shut down its systems, closing branches and ATMs, and suspending mobile and Internet banking and internal email. Its website also went offline.

Customer accounts were "in no way impacted or compromised" and normal services would resume as soon as possible, the bank said. Hackers attempted to transfer funds to banks in the Czech Republic, Hong Kong, Britain, and the US, Muscat told parliament.

Read more...

127 million user records from 8 companies put up for sale on the dark web

127 million user records from 8 companies put up for sale on the dark web

An online cybercriminal recently sold 620M user records stolen from 16 companies and has put up a second batch of hacked data totalling 127M, originating from eight companies. The data is currently being sold on Dream Market, a dark web marketplace where crooks sell an assortment of illegal products, such as user data, drugs, weapons, malware, and others.

Read more...

How to delete accidentally sent messages, photos on Facebook Messenger

How to delete accidentally sent messages, photos on Facebook Messenger

Ever sent a message on Facebook Messenger then immediately regretted it, or an embarrassing text to your boss in the heat of the moment at late night, or maybe accidentally sent messages or photos to a wrong group chat?

Facebook is now rolling out a long-promised option to delete text messages, photos, or videos inside its Messenger application. The unsend feature allows users to delete a message within 10 minutes of sending it, for both individual and group chats.

Read more...

MongoDB databases still being held at ransom, 2 years after attacks!

MongoDB databases still being held at ransom, 2 years after attacks!

Two years after hacker groups began ransacking MongoDB databases and requesting ransom payments, the practice is still very much alive as reported by Catalin Cimpanu, a security researcher.

While the original hacker groups who started this trend have stopped after a few months, new ones have constantly joined in on the attacks over the past few years, only to discover that the practice isn't as lucrative as they might have hoped, and later, dropping out after failing to make any profits.

Read more...