Silensec Newsletter

New Cold Boot attack unlocks disk encryption on nearly all modern PCs

New Cold Boot attack unlocks disk encryption on nearly all modern PCs

Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption.

The attack is a new variation of a traditional Cold Boot attack, which lets attackers steal information that briefly remains in the memory (RAM ) after the computer is shut down.

Read more...

2 billion Bluetooth devices remain exposed to airborne attack vulnerabilities

2 billion Bluetooth devices remain exposed to airborne attack vulnerabilities

2 billion devices - including hundreds of millions of Android and iOS smartphones - still remain exposed to the threat, one year after security vendor Armis disclosed a set of nine exploitable vulnerabilities in Bluetooth.

Armis disclosed the vulnerabilities - collectively dubbed BlueBorne - last September, describing them as an attack vector for adversaries to take complete control of Bluetooth devices.

Read more...

Hacker uses ProtonMail VPN. Hacker DDoSes ProtonMail. Hacker gets arrested

Hacker uses ProtonMail VPN. Hacker DDoSes ProtonMail. Hacker gets arrested

A major OpSec mistake led to the arrest of a hacker part of a hacking crew that launched DDoS attacks against ProtonMail, Tutanota, and many other sites through the summer.

The hacker is a 19-year-old teenager named George Duke-Cohan, from Hertfordshire, UK. Duke-Cohan was known online under the nickname of "optcz1," the leader of the Apophis Squad hacking crew.

Read more...

Bitcoin Gold delisted from major cryptocurrency exchange after refusing to pay hack damages

Bitcoin Gold delisted from major cryptocurrency exchange after refusing to pay hack damages

Bittrex, one of the largest cryptocurrency exchange platforms, has delisted Bitcoin Gold (BTG) from its trading platform over the weekend after BTG maintainers declined to pay half of the damages Bittrex suffered during a complex multi-stage cyber-attack earlier this year.

According to a statement from the BTG team, Bittrex asked the BTG team to pay 12,372 BTG ($256k) as reparations for the attacks.

Read more...

Air Canada data breach - 20,000 users of its mobile app affected

Air Canada data breach - 20,000 users of its mobile app affected

Air Canada data breach - The incident was confirmed by the company and may have affected 20,000 customers of its 1.7M mobile app users.

The news was confirmed by Air Canada that revealed to have detected unusual login behaviour with Air Canada’s mobile App between Aug. 22-24, 2018, it added that financial data was protected but invited to remain vigilant for fraudulent credit card transactions.

The company has asked Mobile+ app users to reset their accounts as a security precaution. Air Canada contacted potentially affected customers by email to notify the data breach.

Read more...

Instagram's new security tools are a welcome step, but not enough

Instagram's new security tools are a welcome step, but not enough

Instagram users should soon have more secure options for protecting their accounts against Internet bad guys. Recently, the Facebook-owned social network said it is in the process of rolling out support for 3rd-party authentication apps.

Unfortunately, this welcome new security offering does nothing to block Instagram account takeovers when thieves manage to hijack a target’s mobile phone number - an increasingly common crime.

Read more...