Silensec Newsletter

Category: News

Top News

Uber concealed hack of 57 million accounts for more than a year!

Hackers stole names, email addresses, and phone numbers of 57 million Uber riders around the world in a breach dating back to October 2016. Data on more than 7 million drivers was also stolen, including over 600,000 drivers' license records. Trip records, location data, and social security numbers were not stolen in the breach, the company said.

The company's former CSO kept the hack a secret & paid the hackers $100,000 to delete the data and to keep details of the breach quiet. The breach happened under the watch of former chief executive Travis Kalanick, who knew about the cyberattack. His former deputy, CSO Joe Sullivan, a former federal prosecutor and senior Facebook executive, covered up the breach, the publication reported.

The company confirmed the breach.


Firefox to warn users who visit p0wned sites

Do you really want to go there? Mozilla developer Nihanth Subramanya has revealed the organisation's Firefox browser will soon warn users if they visit sites that have experienced data breaches that led to user credential leaks.

Subramanya explained that Mozilla has teamed with to source data that will warn users.

The feature's not complete, in code or conceptually.


Major Hacks of the Week

Canadian Business Banking Customers Hit With Targeted Phishing, Account Takeover Attacks

IBM X-Force research has been following the activity of a cybergang that has been targeting Canadian businesses with customized phishing attacks, likely operating out of Ukraine. The attacks are designed to trick those with account access to divulge their company'€™s online banking credentials, one-time passwords and two-factor authentication codes. The goal of this targeted phishing attack is to take the account over and transfer money to mule accounts that the criminals control.


Crooks set up a fake Symantec Blog to spread the macOS Proton malware

Attackers used the same domain registration information of the original site, Symantec, except for the email address. The attackers created a the fake blog symantecblog[dot]com that mirrored content from the original website. The experts from Malwarebytes discovered that a post about a new version of CoinThief malware was promoting the application called "Symantec Malware Detector,"€ that was used to distribute the OSX.Proton.


We are hiring!

Silensec is looking for CyberSecurity professionals like you


Apply Now!

Major Vulnerabilities Disclosed

Banking Trojan Gains Ability to Steal Facebook, Twitter and Gmail Accounts

Security researchers have discovered a new, sophisticated form of malware based on the notorious Zeus banking Trojan that steals more than just bank account details. Dubbed Terdot, the banking Trojan has been around since mid-2016 and was initially designed to operate as a proxy to conduct man-in-the-middle (MitM) attacks, steal browsing information such as stored credit card information and login credentials and injecting HTML code into visited web pages.


BankBot Returns On Play Store - A Never Ending Android Malware Story

A team of researchers from several security firms has uncovered two new malware campaigns targeting Google Play Store users, of which one spreads a new version of BankBot, a persistent family of banking Trojan that imitates real banking applications in efforts to steal users' login details. BankBot is designed to display fake overlays on legitimate bank apps from major banks around the world, including Citibank, Wells Fargo, Chase, & DiBa, to steal sensitive information, including logins and credit card details.


Legal, Regulatory and Corporate
Security and Beyond

Today—and Every Day—We Fight to Defend the Open Internet!

The FCC is ceding to the demands of a handful of massive ISPs, like Comcast, Verizon, and AT&T as it is clear that Chairman Pai is seeking to reverse the 2015 Open Internet Order that established clear but light touch protections for Internet users and Internet innovation. The FCC today abdicates a fundamental responsibility as its' proposed plan interfers with state efforts to protect consumer privacy and competition—but Internet users won’t. Today, and every day, we will fight to defend net neutrality. Tell Congress that lawmakers must act to defend our open Internet.


How FCC Plans to Reverse Title II Action in December!

FCC's plans regarding net neutrality, set to be revealed in detail today, aren't going to end net neutrality. What the FCC is planning to do is reverse the decision that placed the internet under Title II of the Communications Act. FCC Chairman will release a proposed order to revert internet governance to the status that was in place prior to the 2014 reclassification. It will keep the transparency rule, which requires providers to say exactly what they promise to do as well as what they promise not to do.


Security Awareness Tip

Dealing With Data Loss Your Firewall Can't Stop!

Passive Information Leakage (PIL) occurs when a user’s behavior & patterns of activity can reveal confidential information & plans. To prevent PIL, you need to disrupt the two key factors:

  1. Pattern
  2. Identity.

If you prevent your target from being able to connect your activities to each other, they can’t build a pattern.

If you prevent them from connecting your activity to your identity, they can’t attribute the information.


Teach them while they're still young!

Use our free CyberSecurity guideline to help your kids stay safe while online


Read more

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelors of Arts Degree (Hons) from the University of Nairobi in Kenya. He's an avid infosec reader and publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.

Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed