- Friday, 17 July 2015
- Hits: 1748
Windows 10 updates to be automatic and mandatory for Home users
indows Update can't be readily disabled in Windows 10 Home, and the license terms that all users must agree to allow Microsoft to install updates automatically. The Insider Preview releases of Windows 10 didn't include any way to prevent Windows Update from downloading and installing updates, but it wasn't clear if this was just some quirk of the previews, or the long-term plan; Microsoft's previews often have special rules for things like providing automated feedback and hooking up online services, and so this could have been part of that. Read more...
Flash. Must. Die.
Adobe Flash—that insecure, ubiquitous resource hog everyone hates to need—is under siege, again, and hopefully for the last time. The latest calls for its retirement come from some of the Internet’s most powerful players, in the combined clattering of Facebook, Firefox, and a legion of unsatisfied users. Flash is a closed, proprietary system on a web that deserves open standards. It’s a popular punching bag for hackers, which puts users at risk over and over again. Read more...
|Major Hacks of the Week|
Telegram messaging app cops 200Gbps DDoS
Popular messaging platform Telegram has been hit with a 200Gbps distributed denial of service (DDoS) attack. The Tsunami TCP SYN flood kicked off on Friday and hurt users in Asia, Australia, and Oceania, knocking out the service for some five percent of the company's 60 million active users it has gained in 18 months. It is a new form of DDoS attack discovered by Radware security. &they say it defeats many defense algorithms and quickly consumes bandwidth making even a modest attack clock some four to five gigabits per second. Read more...
Hackers sell 79,267 Cloudminr accounts for ONE Bitcoin
Hackers appear to have stolen the entire user database of cloud-based Bitcoin mining outfit Cloudminr.io and are offering to sell 79,267 accounts including passwords for a single Bitcoin. The Norwegian company's website is offline and criminal advertisements showcasing some of the CSV database of members has popped up on web clipboards like Pastebin. Despite their removal, some are still accessible in web caches. Read more...
|Major Vulnerabilities Disclosed|
First Java zero-day in two years exploited by Pawn Storm hackers!
Another zero-day vulnerability is being exploited in attacks spotted in the wild: this time, the targeted software is Java. The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm.
The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit. Read more...
United Airlines awards hackers millions of miles for revealing risks!
United Continental Holdings Inc has awarded millions of frequent flier miles to hackers who have uncovered gaps in the carrier's web security, in a first for the U.S. airline industry. The Chicago-based carrier has hoped to trailblaze in the area of airline web security by offering "bug bounties" for uncovering cyber risks. Through the program, researchers flag problems before malicious hackers can exploit them. The cost can be less than hiring outside consultancies. Read more...
|Legal, Regulatory and Corporate|
Dozens arrested in international crackdown on Darkode crime forum!
The FBI and its counterparts in Europe, Brazil, and elsewhere have arrested more than 60 people suspected of carrying out hacking crimes associated with a secretive online forum known as Darkode, according to media reports. Darkode, according to a post published in April 2013 by KrebsOnSecurity, has long acted as an online bazaar for criminals looking to buy and sell drive-by exploits, spam services, ransomware programs, botnet tools, and other illicit products and services. Read more...
China makes internet shut-downs official with new security law
China is able to shut off internet access during major 'social security incidents' and has granted its Cyberspace Administration agency wider decision making powers under a draft law published this month. The draft also appears to require critical infrastructure organisations including foreign entities to store "important" data on Chinese soil without specific permission to host offshore. Read more...
|Security and Beyond|
Cyprus' head of intelligence falls on sword as part of Hacking Team fallout
Heads have begun to roll in the wake of the recent Hacking Team breach. The first victim on the chopping block is the head of Cyprus' intelligence service, Andreas Pentaras, who has resigned as a direct result of the fiasco after leaked documents revealed that the KYP had paid €50,000 for the company's service. Read more...
TrapX Technology Uses Deception to Ensnare Attackers
The idea of using a honeypot, a deliberately attractive and vulnerable server as a way to trap attackers, is not new, but it's a concept that security vendor TrapX is aiming to expand upon with its deception-based technology platform. TrapX announcedthat it raised $9 million in Series B funding from Intel Capital, Liberty Israel Venture Fund, BRM Group and Opus Capital. Total funding to date for TrapX stands at $14 million. The new funds are earmarked to help accelerate growth and finance research and development, said Greg Enriquez, CEO of TrapX. Read more...
|Security Awareness Tip|
How to Enable Click-to-Play Plugins in Every Web Browser
Due to the many vulnerabilities within flashplayer on browsers, users can use this procedure to only allow flashplayer to run on their browsers on demand rather than automatically. Read more...
|Silensec Editorial Team|
Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor
Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.
Associate Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelors of Arts Degree from the University of Nairobi in Kenya. He publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.
Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Feed. For any questions please click on the following contact us link