Silensec Newsletter

Category: News
Top News

Facebook hands hackers $100k for breaking browsers

Four researchers have scored US$100,000 from Facebook for revealing 11 bugs affecting platforms including the Chrome and Firefox browsers using novel vulnerability discovery methods. 

"We all benefit from this kind of work—a large part of why Facebook has been successful in serving nearly 1.5 billion people is because we have been quick to introduce and adopt categories of systems and frameworks that prevent whole classes of vulnerabilities at once," Papagiannis says in a statement. The hacks are detailed in the paper Type Casting Verification: Stopping an Emerging Attack Vector (PDF) in which the quartet offered a #tool to help detect the bad-casting and type-confusion holes.  Read more...

 

Lenovo Caught Using Rootkit to Secretly Install Unremovable Software

Two years ago Chinese firm Lenovo got banned from supplying equipment for networks of the intelligence and defense services various countries due to hacking and spying concerns. Earlier this year, Lenovo was caught red-handed for selling laptops pre-installed with Superfish malware. One of the most popular Chinese computer manufacturers ‘Lenovo’ has been caught once again using a hidden Windows feature to preinstall unwanted and unremovable rootkit software on certain Lenovo laptop and desktop systems it sells. The feature is known as "Lenovo Service Engine" (LSE) – a piece of code presents into the firmware on the computer's motherboard. Read more...

 

 

Major Hacks of the Week

Fraudsters steal nearly $47 million from Ubiquiti Networks

US networking technology company Ubiquiti Networks has been swindled by fraudsters and has lost nearly $47 million. According to the quarterly financial report the company filed last week with the US Securities and Exchange Commission, they discovered that they have became a victim of a criminal‬ ‪‎fraud‬ on June 5, 2015. "The incident involved employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance‬ department. This fraud resulted in transfers of ‪‎funds‬ aggregating $46.7 million held by a Company‬ subsidiary incorporated in Hong Kong to other overseas accounts held by third parties," the report says. Read more...

Huge hack attack: UK data cops to probe Carphone Warehouse breach

Britain‬'s data watchdog plans to investigate a massive hack attack on ‪‎Carphone‬ Warehouse's systems‬, which has put 2.4 million ‪‎customers‬ at risk of having their personal info ransacked by wrongdoers. On Saturday afternoon, the company‬ coughed to the mega ‪‎data breach‬ and added that up to 90,000 subscribers may have had their ‪‎encrypted‬ credit card details swiped during the incident.  Read more...

Major Vulnerabilities Disclosed

HTC caught storing fingerprints AS WORLD-READABLE CLEARTEXT

Four FireEye researchers have found a way to ‪‎steal‬ fingerprints‬ from ‪‎Android‬ phones‬ packing ‪‎biometric‬ sensors such as the Samsung‬ Galaxy S5 and the HTC‬ One Max. The team found a forehead-slapping flaw in HTC One Max in which fingerprints are stored as an image file (dbgraw.bmp) in a open "world readable" folder! The team say attackers‬ with some remote code execution exploits‬ in hand can harvest these fingerprints en masse. Read more...

Attackers actively exploit Windows bug that uses USB sticks to infect PCs

Attackers‬ are actively exploiting a vulnerability in all supported versions of Windows that allows them to execute malicious ‪‎code‬ when targets mount a booby-trapped USB on their computers‬, Microsoft‬ warned Tuesday in a regularly scheduled bulletin that patches the flaw. The vulnerability‬ is reminiscent of a critical flaw exploited around 2008 by an NSA-tied ‪‎hacking‬ group dubbed Equation Group and later by the creators of the Stuxnet computer worm‬ that disrupted Iran's nuclear program. Read more... 

Legal, Regulatory and Corporate

Twitter sees its largest increase from governments wanting account information

Governmental bodies around the world have an appetite for Twitter account information and are wanting more than ever, with the social network reporting its largest increase in requests for account information in the history of its transparency report. United States leading the way by making 56 percent of all global requests, closely followed by Japan‬, Turkey‬, South Korea‬ & France‬ Read more...  

Cisco network kit warning: Watch out for malware in the firmware

Cisco‬ has warned users to watch out who's got admin access to kit, because it's seen malicious ROM images in the wild. The problem is that this isn't something the Borg can just issue a patch for. Admins – with appropriate credentials, naturally – need to be able to drop new ROM images on their kit as a matter of course."The ability to install an upgraded ROMMON image on IOS devices is a standard, documented feature that administrators use to manage their networks‬", Cisco says. "In all cases seen by Cisco, attackers accessed the devices using valid administrative credentials", the note states, meaning someone back-tracked the attack‬ to the admin account used. Read more...

Security and Beyond

Hackers charged after pocketing $100m from stolen material

An international team of computer‬ hackers‬ and stock‬ traders has been charged with pocketing more than $100 million in illicit profits made from on-selling stolen‬ market-moving ‪‎media‬ releases. The US Department of Justice said that in addition to the two Ukraine-based ring-leaders, seven defendants from Ukraine and the United States were involved in the criminal conspiracy, making more than $30 million in illegal trades‬ on the pilfered information‬. "The defendants launched a series of sophisticated and relentless cyber attacks‬ against three major newswire companies, stole highly confidential information, and used [it] to enrich themselves at the expense of public companies and their shareholders." US attorney Paul Fishman said. Read more...  

Malvertising set to wreak one BEELLION dollars in damage this year

Records have fallen as malvertising clocked its most prolific month in history, making it one of the biggest threats to endpoint security. If the scourge continues, criminals will have inflicted a billion dollars in damages by the end of the year from a paltry US$12,000 investment, according to researchers at security firm Invincea. In this threat report [PDF], the firm says it blocked some 2100 malvertising attacks against its customers. It says the attacks represent 2.1 million malicious advertisements purchased by maldoers.

Read more...

Security Awareness Tip
 

How to ward off phishing attacks

As scams continue to proliferate at alarming rates and are becoming more and more difficult to detect. It's important for you to understand how to recognize a phishing attempt and what you can do to protect yourself. 

What Can I Do?

  • Be cautious about all communications you receive.
  • If it appears to be a phishing communication, do not respond. Delete it
  • Do not click on any links listed in the email message and do not open any attachments contained in suspicious email.
  • Do not enter personal information in a pop-up screen. Legitimate companies, agencies and organizations don't ask for personal information via pop-up screens.
  • Install a phishing filter on your email application and also on your web browser. These filters will not keep out all phishing messages, but will reduce the numbers of phishing attempts

Bad guys often use current news, sensational topics, and promises of shocking photos and video to get you to click on malicious links. Don't fall for it! Stop and think before you click.

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Associate Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelors of Arts Degree from the University of Nairobi in Kenya. He publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.


Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our feed-image Feed. For any questions please click on the following contact us link

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed