- Tuesday, 07 July 2015
- Hits: 1508
Hackers Hit the IRS and Make Off With 100K Taxpayers’ Files
Study: Average cost of data breach is $6.5M !!!
|Major Hacks of the Week|
Indian music streaming service Gaana hacked, millions of users’ details exposed
Indian music streaming service Gaana, which has over 7.5 million monthly visitors, has been comprised by a hacker and its user information database is now exposed. The hacker, who goes by the moniker Mak Man and appears to be based in Lahore, Pakistan, posted a link to a searchable database of Gaana user details on his Facebook page. Enter a user’s email address and it spits out their full name, email address, MD5-hashed password, date of birth Facebook and Twitter profiles and more. Read more...
Hola — A widely popular Free VPN service used as a Giant Botnet
The bandwidth of Millions of users of a popular free VPN service is being sold without their knowledge in an attempt to cover the cost of its free service, which could result in a vast botnet-for-sale network."Hola," a free virtual private network, is designed to help people abroad watch region restricted shows like American Netflix, and other streaming United States media. Read more...
|Major Vulnerabilities Disclosed|
Exposing the vulnerabilities in Oracle PeopleSoft applications
PeopleSoft systems are often accessible from the Internet. And some parts of the system have to be available before registration, for example, job application forms or “Forgot your password?” forms. For this purpose, there is a special user with minimal rights in PeopleSoft systems. When you enter, the system automatically authenticates you as this user. It is an opportunity to perform a privilege escalation attack by bruteforcing the authentication cookie called TokenID. TokenID is generated based on SHA1 hashing algorithm, and according to the latest information, 8-characters alpha-numeric password can be decrypted within one day on latest GPUs that cost about $500. The optimal attack vector depends on the hacker’s goal. The impact of different attacks can involve espionage, sabotage, and fraud. Read more...
That EVIL TEXT that will CRASH your iPhone
Analysis Cads and/or bounders can crash and reboot iPhones from afar by sending them specially crafted texts, thanks to a new vulnerability in iOS.A 75-byte sequence of unicode characters triggers the glitch, and can be smuggled into text messages, causing iThings to crash if they appear in the victim's notification screen. Texting the data to your pals will force their devices to reboot if they try to open it from the notification panel. Read more...
|Legal, Regulatory and Corporate|
Kali Linux gives itself a Docker-cut
Penetration testing gurus Offensive Security have made their popular Kali operating system available for Docker-addicted system administrators. Developer Mati Aharoni acted on a request from a user who asked for a Dockerised image of the Kali penetration testing system platform. The hackers bootstrapped a minimal Kali Linux 1.1.0a base under its Docker account providing security bods with access to the platform's top 10 tools. Kali is a staple for penetration testing as it is a dedicated security platform loaded with offensive hacking tools. Read more...
Over the long weekend, rather than taking a break, the hacker community was up in arms about proposed rules that would restrict the free and open use of attack tools and software exploits invaluable for their work. And some big voices have backed them, with Facebook, Google and Yahoo executives and researchers, fighting their corner in personal terms, battling with the human rights activists who appeared to have caused the problems two years ago. Read more...
|Security and Beyond|
Pakistani CEO arrested for selling degrees from “Barkley” and “Columbiana”
The CEO of a Pakistani company called Axact, which called itself the country's largest software exporter, was arrested yesterday in Karachi. Axact and its CEO, Shoaib Ahmed Shaikh, are accused of running a global network of selling fake diplomas.Axact had 2,000 employees and sold fake diplomas on a network of 370 websites. Read more...
Cyber-Security Is a Top Priority in Corporate Boardrooms
Security vendor Veracode and NYSE (New York Stock Exchange) Governance Services released a study this week that examines the role of cyber-security in the boardroom. Over the course of the last year, cyber-security has increasingly become top of mind for many, including corporate boardroom executives. Read more...
|Security Awareness Tip|
Patching prevents zero-day vulnerabilities.It is advisable to ensure systems are patched on a regular basis and the patch management process is controlled in such a way that patches are always tested in a separate testing environment before they are deployed.
|Silensec Editorial Team|
Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor
Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.
Associate Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelors of Arts Degree from the University of Nairobi in Kenya. He publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.
For any questions please click on the following contact us link