Silensec Newsletter

Top News

Hacker uses Starbucks INFINITE MONEY for free CHICKEN SANDWICH

Sakurity hacker Egor Homakov has found a way to dupe Starbucks into loading free cash onto the "coffee" chain's payment cards. Homakov says a race condition within Starbucks' card purchase system means money can be transferred between cards without it being deducted. The bug hunter exploited the bug and tested it by purchasing food and drink at Starbucks. He says he pulled off the hack, which he first quietly reported to the coffee house, by opening two browser windows and simultaneously moving US$5 from one account to another in both sessions. Read more...



'Phantom Menace' Hack Strikes Oil Industry Computers!

What looked to be an ordinary malware attack on a computer at an oil-trading firm turns out to have been part of a targeted attack on the industry at large, according to a report from Panda Security. It began, as it so often does, with someone on their work computer opening an email attachment they shouldn't have. This attachment, instead of producing one of the many trojans, worms or viruses already watched for by antivirus programs, merely unpacked a few common scripts and tools often used by Windows programs — thus avoiding detection. Read more...


Major Hacks of the Week

Hacker leaks sensitive info of millions of Adult FriendFinder users

Information of over 3.5 million users of dating site Adult FriendFinder has been stolen and leaked online, and is being used by spammers, scammers and phishers, a Channel 4 investigation into the Deep Web has revealed. Read more...

Hacker launches ransomware rescue kit

Security bod Jada Cyrus has compiled a ransomware rescue kit to help victims decrypt locked files and avoid paying off crooks. The kit sports removal tools for common ransomware variants along with guides for how to perform the necessary tasks. Cyrus recommends users not pay ransoms as doing so sustains the criminal business model. Read more...

Major Vulnerabilities Disclosed

HTTPS-crippling attack threatens tens of thousands of Web and mail servers

Tens of thousands of HTTPS-protected websites, mail servers, and other widely used Internet services are vulnerable to a new attack that lets eavesdroppers read and modify data passing through encrypted connections, a team of computer scientists has found. The vulnerability affects an estimated 8.4 percent of the top one million websites and a slightly bigger percentage of mail servers populating the IPv4 address space, the researchers said. Read more...

Airbus warns of software bug in A400M transport planes

A software bug may have caused the May 9 crash that grounded Airbus' troubled A400M military transport aircraft. Airbus has sent an alert to customers instructing them to conduct “specific checks of the Electronic Control Units (ECU) on each of the aircraft's engines”. Spiegel reports that the bug caused three of the transport's engines to shut down during the pre-delivery test flight. Read more...

Legal, Regulatory and Corporate

Telstra discovers Pacnet security breach after takeover

Telstra has admitted to discovering a security breach of Pacnet's corporate IT network shortly after finalising the AU$697 million purchase of the company in April. The company announced on Wednesday that it had begun informing customers and regulators in the relevant countries that an SQL injection on a web application server in Pacnet's network had allowed access to its network, and a third party had gained access to Pacnet's corporate IT network including its email and administrative system. Read more...

Tech Giants Tell Obama To Resist Calls For Backdoor Access To Encrypted Data

Apple, Google, Yahoo and more than 140 other tech industry companies have written to President Obama urging him to shoot down demands for ‘backdoor’ access to user data on smartphones and other communication devices and platforms. Read more...  

Security and Beyond

“Rachel” robocaller victims to get $1.7 million in refunds

The Federal Trade Commission's fight against the infamous "Rachel from Cardholder Services" robocalls has produced a court order to give $1.7 million in refunds to defrauded consumers. The case dates to November 2012, involving defendants including Universal Processing Services of Wisconsin, a payment processor, and telemarketer Hal Smith and his HES Merchant Services Company, the FTC said today. Per an order from US District Court for the Middle District of Florida, Universal Processing Services and HES will have to pay $1,734,972, which the FTC said "will be used to provide refunds to defrauded consumers." Read more...

Death threat, FBI complaint greet launch of intelligence community database

A project that harvested the LinkedIn resumes of 27,000 people in the global intelligence community has been greeted by the threat of lawsuits, a complaint to the FBI, and even a death threat. Transparency Toolkit's M. C. McGrath says while there hasn't yet been any official response to the open-source intelligence project, called ICWatch, there has been individual push-back. In addition to the threats, there have been some angry phone calls. Read more...

Security Awareness Tip

Selling off your old gadgets?

Whether on eBay, Amazon, Alibaba, OLX or via any other means, make sure you WIPE clean your device.
WIPING one's old devices before selling them off ensures that the new owner can't recover your personal data like photos and other sensitive documents.

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and the Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor.

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in the UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of the Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Associate Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelor of Arts degree from the University of Nairobi in Kenya. He publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.

Please feel free to share this with interested parties via email and social media. For a free subscription, please subscribe to our mailing list and feed.
