Silensec Newsletter

Top News

Multi-stage malware sneaks into Google Play

Another set of malicious apps has made it into the official Android app store. Identified by ESET security systems as Android/TrojanDropper.Agent.BKY, these apps form a new family of multi-stage Android malware, legitimate-looking and with delayed onset of malicious activity. These malware samples all employ a multi-stage architecture and encryption to stay under the radar. After being downloaded and installed, these apps do not request any suspicious permissions and even mimic the activity the user expects them to exhibit.

Two of the most recent samples of Android/TrojanDropper.Agent.BKY were caught downloading either MazarBot, a notorious banking trojan, or spyware.

Given its nature, this downloader can deliver any payload of the criminals’ choice as long as it doesn’t get flagged by the Google Protect mechanism.


UK spymasters suspect Russia is using Kaspersky to spy on people

The British intelligence service is reportedly worried that Kaspersky Antivirus, offered by Barclays to its customers, may be being used by the Russian intelligence agency to spy, according to The Financial Times. Intelligence officials fear that this might allow Russia to gather intelligence from the computers of Government employees and members of the military who are customers of the bank and have downloaded the software. The FT said that "No evidence suggests that any data of Barclays customers have been compromised by use of Kaspersky software on their computers."


Major Hacks of the Week

Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices

BlueBorne is the name given to the sophisticated attack exploiting a total of eight Bluetooth implementation vulnerabilities that allow attackers within the range of the targeted devices to run malicious code, steal sensitive information, take complete control, and launch man-in-the-middle attacks. Once an attacker gains control of one Bluetooth-enabled device, he/she can infect any or all devices on the same network.


Apple FaceID Hacked

Vietnamese security firm Bkav released a blog post and video showing that -- by all appearances -- they'd cracked FaceID with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, which in combination tricked an iPhone X into unlocking.


Major Vulnerabilities Disclosed

17-Year-Old MS Office Flaw Lets Hackers Install Malware Without User Interaction!

Researchers at Embedi have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on targeted computers. The vulnerability is a memory-corruption issue that resides in all versions of Microsoft Office released in the past 17 years, including Microsoft Office 365, and works against all versions of the Windows operating system, including the latest Windows 10 Creators Update. Identified as CVE-2017-11882, it resides in EQNEDT32.EXE.


Ride-share upstart 'Fasten' revealed as Hive of insecurity

Boston-based ride-hailing hopeful Fasten has coughed to a million-customer data breach that happened because someone left a database lying around unsecured. The exposed customer data included names, e-mails, telephone numbers, IMEI codes, trip details (pick-up and drop-off points), and links to photos. Corporate data was also exposed, including a few thousand driver profiles, routes, comments about drivers, car registration, and photos of drivers’ vehicles.


Legal, Regulatory and Corporate
Security and Beyond

Transparency of machine-learning algorithms is a double-edged sword

One challenge the GDPR brings to companies is often overlooked: the citizens’ right to explanation. GDPR mandates that citizens are entitled to be given sufficient information about the automated systems used for processing their personal data in order to be able to make an informed decision as to whether to opt out from such data processing. But many companies are finding themselves incapable of providing an explanation of the results of their personal data processing.


Hack of Attack-for-Hire Service vDOS Snares New Mexico Man

A 46-year-old man is facing federal hacking charges for allegedly using the now defunct attack-for-hire service vDOS to launch damaging digital assaults aimed at knocking his former employer’s website offline. Prosecutors were able to bring the case in part because vDOS got massively hacked last year, and its customer database of payments and targets leaked to this author and to the FBI.


Security Awareness Tip

How to Opt Out of Equifax Revealing Your Salary History!

KrebsOnSecurity broke a story of how the Equifax Workforce portal was abused by identity thieves involved in tax refund fraud with the Internal Revenue Service. Fraudsters used SSN and DOB data to reset the 4-digit PINs given to customer employees as a password, and then steal W-2 tax data after successfully answering personal questions about those employees.
As it happens, it is possible to opt out of having your salary data sold through Equifax. According to Equifax, this involves placing a free “freeze” on your file with the Work Number.
To place a security freeze on your The Work Number employment report, send your request via mail or you may contact us on the web at or call 800-996-7566.


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and the Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor.

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in the UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of the Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelor of Arts degree (Hons) from the University of Nairobi in Kenya. He's an avid infosec reader and publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.
