Silensec Newsletter

Category: News
Top News

Hackers Hit the IRS and Make Off With 100K Taxpayers’ Files

On Tuesday the IRS admitted that it had been the target of a breach that compromised 100,000 taxpayers’ files between February and the middle of this month. And though that may seem like a relatively small set of victims compared with recent breaches like the one affecting Target or the health insurer Anthem, the IRS says the attackers gained the full tax return transcript of the affected taxpayers, which could included a detailed dossier of their personal information including income and social security numbers. Read more...

 

 

Study: Average cost of data breach is $6.5M !!!

​An annual study from the Ponemon Institute and IBM released on Wednesday found that the average cost per capita cost in a data breach increased to $217 in 2015 from $201 in 2014. Plus, the average total cost of a data breach increased to $6.5 million from $5.8 million the prior year. Read more...

 

 

 

Major Hacks of the Week

Indian music streaming service Gaana hacked, millions of users’ details exposed

Indian music streaming service Gaana, which has over 7.5 million monthly visitors, has been comprised by a hacker and its user information database is now exposed. The hacker, who goes by the moniker Mak Man and appears to be based in Lahore, Pakistan, posted a link to a searchable database of Gaana user details on his Facebook page. Enter a user’s email address and it spits out their full name, email address, MD5-hashed password, date of birth Facebook and Twitter profiles and more. Read more...

Hola — A widely popular Free VPN service used as a Giant Botnet

The bandwidth of Millions of users of a popular free VPN service is being sold without their knowledge in an attempt to cover the cost of its free service, which could result in a vast botnet-for-sale network."Hola," a free virtual private network, is designed to help people abroad watch region restricted shows like American Netflix, and other streaming United States media. Read more...

Major Vulnerabilities Disclosed

Exposing the vulnerabilities in Oracle PeopleSoft applications

PeopleSoft systems are often accessible from the Internet. And some parts of the system have to be available before registration, for example, job application forms or “Forgot your password?” forms. For this purpose, there is a special user with minimal rights in PeopleSoft systems. When you enter, the system automatically authenticates you as this user. It is an opportunity to perform a privilege escalation attack by bruteforcing the authentication cookie called TokenID. TokenID is generated based on SHA1 hashing algorithm, and according to the latest information, 8-characters alpha-numeric password can be decrypted within one day on latest GPUs that cost about $500. The optimal attack vector depends on the hacker’s goal. The impact of different attacks can involve espionage, sabotage, and fraud. Read more...

That EVIL TEXT that will CRASH your iPhone

Analysis Cads and/or bounders can crash and reboot iPhones from afar by sending them specially crafted texts, thanks to a new vulnerability in iOS.A 75-byte sequence of unicode characters triggers the glitch, and can be smuggled into text messages, causing iThings to crash if they appear in the victim's notification screen. Texting the data to your pals will force their devices to reboot if they try to open it from the notification panel. Read more...

Legal, Regulatory and Corporate

Kali Linux gives itself a Docker-cut

Penetration testing gurus Offensive Security have made their popular Kali operating system available for Docker-addicted system administrators. Developer Mati Aharoni acted on a request from a user who asked for a Dockerised image of the Kali penetration testing system platform. The hackers bootstrapped a minimal Kali Linux 1.1.0a base under its Docker account providing security bods with access to the platform's top 10 tools. Kali is a staple for penetration testing as it is a dedicated security platform loaded with offensive hacking tools. Read more...

Why The World's Top Security Pros Are Furious About Exploit Export Rules

Over the long weekend, rather than taking a break, the hacker community was up in arms about proposed rules that would restrict the free and open use of attack tools and software exploits invaluable for their work. And some big voices have backed them, with Facebook, Google and Yahoo executives and researchers, fighting their corner in personal terms, battling with the human rights activists who appeared to have caused the problems two years ago. Read more...

Security and Beyond

Pakistani CEO arrested for selling degrees from “Barkley” and “Columbiana”

The CEO of a Pakistani company called Axact, which called itself the country's largest software exporter, was arrested yesterday in Karachi. Axact and its CEO, Shoaib Ahmed Shaikh, are accused of running a global network of selling fake diplomas.Axact had 2,000 employees and sold fake diplomas on a network of 370 websites. Read more...

Cyber-Security Is a Top Priority in Corporate Boardrooms

Security vendor Veracode and NYSE (New York Stock Exchange) Governance Services released a study this week that examines the role of cyber-security in the boardroom. Over the course of the last year, cyber-security has increasingly become top of mind for many, including corporate boardroom executives. Read more...

Security Awareness Tip

Patching

Patching prevents zero-day vulnerabilities.It is advisable to ensure systems are patched on a regular basis and the patch management process is controlled in such a way that patches are always tested in a separate testing environment before they are deployed.

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Associate Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelors of Arts Degree from the University of Nairobi in Kenya. He publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.


Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and  feed-image Feed.

For any questions please click on the following contact us link

 

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed