Silensec Newsletter

Category: News
Top News

Hackers Finally Post Stolen Ashley Madison Data

Hackers who stole sensitive customer information from the cheating site AshleyMadison.com appear to have made good on their threat to post the data online.

A data dump, 9.7 gigabytes in size, was posted on Tuesday to the dark web using an Onion address accessible only through the Tor browser. The files appear to include account details and log-ins for some 32 million users of the social networking site, touted as the premier site for married individuals seeking partners for affairs. One analysis of email addresses found in the data dump also shows that some 15,000 are .mil. or .gov addresses.
  Read more...

 

Jeb Bush: encryption makes it too hard to catch "evildoers"

You can count Republican presidential candidate Jeb Bush on the side of the FBI and the NSA, and against strong encryption.

Bush, the former governor of Florida, said Tuesday that  "If you create encryption, it makes it harder for the American government to do its job - while protecting civil liberties - to make sure that evildoers aren't in our midst." Read more...

 

 

 

Major Hacks of the Week

Hackers Steal Payment Card Data From Web.com 

Web.com said that it discovered the breach of one of its computer systems on August 13, 2015 through its ongoing security monitoring. Fortunately, the 93,000 customers affected by the breach represent a rather small percentage of the company's more than 3.3 million customers. Data accessed by the attackers included the name and address attached to payment cards, but card validation codes were not compromised, and no other customer information was accessed, the company said. Read more...

Cyber-Criminals Target Another Network Service to Amplify DDoS Attacks

Attackers have started using a common network service to amplify Distributed Denial-of-Service attacks and flood targeted networks with data packets, telecommunications firm Level 3 Communications stated in an analysis published on Aug. 17. Using the service, known as portmap or portmapper, an attacker can send a simple request and create a much larger stream of data—from 7 to 28 times larger—to be sent to a targeted network. Read more...

Major Vulnerabilities Disclosed

Another root hole in OS X. We know it, you know it, the bad people know it – and no patch exists

If you're using OS X Yosemite, watch out for malware exploiting a new way to take complete control of your Mac. A vulnerability has been found in Apple's operating system that allows ordinary software on the computer to gain all-powerful root privileges, allowing dodgy apps to install new programs, create users, delete users, trash the system, and so on, without the owner's permission. At the heart of the security hole are really two issues that together can be exploited via IOKitLib, an interface for accessing devices from normal applications. Read more...

Unholy Hong Kong hackers hit evangelicals with IE 0day

Hackers are already using an Internet Explorer vulnerability disclosed this week to hack members of an evangelical church. The attackers compromised the website of the Evangelical Lutheran Church of Hong Kong, injecting a malicious iFrame that redirects the faithful to a malicious website sporting the Internet Explorer vulnerability (CVE-2015-2502). More javascript redirections lead to the PlugX (pdf) malware landing on machines. Once running, the malware opens a back door and begins harvesting data. Read more... 

Legal, Regulatory and Corporate

Anti-privacy unkillable super-cookies spreading around the world – study

At least nine telcos around the world are using so-called super-cookies to secretly monitor citizens' online behavior, according to a new study. A super-cookie is a token unique to each subscriber that is injected into every HTTP request made through a telco's cellphone networks. They can't be stripped by the user: every time a subscriber visits a website from his or her smartphone, the telco's system places the super-cookie in the HTTP headers, so that the site's servers can identify the visitor. This super-cookie allows ad networks and media publishers to follow people across the internet even if they clear their cookies. It allows the networks to build up profiles on users' habits, and pitch them targeted advertising, while the telcos take a cut. Read more...  

Adobe pays $US1.2M plus settlements to end 2013 breach class action 

Adobe has paid an undisclosed amount to settle customer claims and faces US$1.2 million in legal fees after its 2013 data breach which compromised the details of 38 million users. The creative content king was served a November 2013 class action lawsuit filed in California in which it is claimed "shoddy" security practises lead to the breach. The breach occurred when hackers raided a backup server on which they found, and subsequently published, a 3.8GB file containing 152 million usernames and poorly-encrypted passwords, plus customers' credit card numbers. Read more...

Security and Beyond

Boffins nail 2FA with 'ambient sound' login for the lazy

Internet users who think two taps on a smartphone is two taps too much may soon be able to use seamless second factor authentication that verifies a person is in possession of their phone by matching ambient noise sound prints. Researchers Nikolaos Karapanos, Claudio Marforio, Claudio Soriente, and Srdjan Capkun of the University of Zurich say identities can be verified by matching short sound recordings captured by user's phone with that recorded on a desktop or laptop. The "Sound-Proof" verification process, which occurs without user interaction, can determine that a user and their two factor device are in the same room. Read more...  

Bruce Schneier: 'We're in early years of a cyber arms race'

LinuxCon 2015 Security guru Bruce Schneier says there's a kind of cold war now being waged in cyberspace, only the trouble is we don't always know who we're waging it against. He warned that the modern security landscape is becoming increasingly complex and dangerous. "We know, on the internet today, that attackers have the advantage," Schneier said. "A sufficiently funded, skilled, motivated adversary will get in. And we have to figure out how to deal with that." Using the example of last November's crippling online attack against Sony Pictures, Schneier said it was clear that many of these new attacks were the work of well-funded nation-states. Read more...

Security Awareness Tip
 

Know How to Spot Fake Software 

We've all seen the pop-up windows telling us that our PC is infected with a virus or other malware.But the real malware can be that "free software" and the "free offer" to fix your PC.

Those ads and warnings can be fake, and you’ll do more damage to your PC and the security of your personal information if you fall for such offers. Fake software can itself install malware, or at least snatch personal information from your PC and send it to the bad guys.

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Associate Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelors of Arts Degree from the University of Nairobi in Kenya. He publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.


Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our feed-image Feed.

For any questions please click on the following contact us link

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed