Silensec Newsletter

Category: News

Top News

.GIF garage Imgur plugs 1.7M subscriber creds breach

The world's self-described "most awesome" collection of images, Imgur, has confessed to leaking 1.7M user records in 2014.

Imgur's chief operating officer posted a confirmation of the breach saying that users' registered email addresses and hashed passwords were leaked, but no personally-identifying information was compromised.

The only risk to passwords is that until 2016 Imgur used the SHA-256 algorithm to encrypt passwords, which is susceptible to brute-force attacks.


A new Mirai variant is rapidly spreading, 100k+ IPs running the scans in the past 60 hours

Researchers noticed big upticks on port 2323 and 23 scan traffic, with almost 100k unique scanner IP came from Argentina.

According the researcher, a publication of the proof-of-concept (PoC) exploit code in a public vulnerabilities database is the root cause of the increase of activity associated with the Mirai botnet, the experts observed scans using it.

After investigation, the researchers are convinced that this is a new mirai variant.


Major Hacks of the Week

The Shipping Giant Clarkson has suffered a security breach

Clarkson confirmed the hackers may release some of the stolen data, it hasn't provided further details due to the ongoing law enforcement investigation. The information disclosed by the company suggests cybercriminals blackmailed the company requesting the payment of a ransom in order to avoid having its dataleaked online. According to Clarkson, the hackers compromised a single user account to access the company systems, disabled after the incident and has started notifying affected customers and individuals.


NSA "Red Disk" Data Leak

The contents of a highly sensitive hard drive belonging to a division of the NSA have been left online. The virtual disk image contains over 100GB of data from an Army intelligence project, codenamed "RedDisk." The disk image belongs to the US Army's Intelligence and Security Command, known as INSCOM, a division of both the Army and the NSA. The disk image was left on an unlisted but public Amazon Web Services storage server, without a password, open for anyone to download.


Major Vulnerabilities Disclosed

More Malspam pushing Emotet malware

Emotet is generally known as a banking Trojan, which is not exactly big news, nor is it a new threat. Emotet malspam bears some discussion, because it's a continuing concern. Security researcher examined recent malspam pushing Emotet came as invoice-themed emails from different mail servers, each with different sending addresses, and the URLs occasionally changed. So far, 30 emails and 19 different URLs have been seen to download fake invoice for the malware.


MacOS High Sierra Users: Change Root Password Now

A newly-discovered flaw in macOS high Sierra — Apple’s latest iteration of its operating system — allows anyone with local (and, apparently in some cases, remote) access to the machine to log in as the all-powerful “root” user without supplying a password. Fortunately, there is a simple fix for this until Apple patches this inexplicable bug: Change the root account’s password now.


Legal, Regulatory and Corporate
Security and Beyond

Privacy Rights in Balance as Supreme Court Hears Cellphone Tracking Case

Civil liberties advocates have called for the US high court to agree that privacy rights guaranteed by the US Constitution's 4rth Amendment extend to electronic data held by 3rd parties, phone companies in this case, but by implication any data held by socialmedia companies or stored in the digital cloud. But law enforcement authorities, faced with the challenges of phones used under false identities and with unbreakable encryption, say access to such data is crucial to fighting crime.


Canadian chap admits hacking Gmail inboxes amid Yahoo megahack

A Canadian hacker for hire has admitted ransacking webmail accounts for miscreants accused of orchestrating the Yahoo! megahack that hit all three billion Purple Palace user accounts. Karim Baratov, 23, appeared in a federal district court in San Francisco after striking a plea deal with US prosecutors. He was charged with 47 counts of hacking, ID theft, and espionage.


Security Awareness Tip

If you're reading this, remember to speak up when cyber-bullied

Parents and other adults in general should also create a safe space for kids to report cases of cyberbullying.
Make time for the children in your life, listen & engage with them so as to promote their onlinesafety.


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelors of Arts Degree (Hons) from the University of Nairobi in Kenya. He's an avid infosec reader and publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.

Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed