Silensec Newsletter

Category: News

Top News

Chinese spying chips found in servers used by US tech companies

A report revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state.

According to the report, a tiny surveillance chip has been found hidden in the servers used by nearly 30 American companies, including Apple & Amazon.

The malicious chips, which were not part of the original server motherboards designed by the U.S-based company Super Micro, had been inserted during the manufacturing process in China.

Read more...

New Yorkers sue Trump and FEMA to stop Presidential Alert

Three New York residents last week filed a lawsuit in the Southern District Court of New York against President Donald Trump and William Long, administrator of the Federal Emergency Management Agency.

The residents want to halt FEMA's new Presidential Alert messaging system, which enables Trump to deploy alerts of national emergencies.

Presidential Alerts are similar to Amber or other emergency alerts on your phone - you hear a loud noise comes along with vibration.

Read more...

Major Hacks of the Week

Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra.

Hidden Cobra is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations, aerospace, financial and critical infrastructure sectors across the world.

Read more...

100,000 home routers recruited to spread Brazilian hacking scam

A DNSchanger-like attack first spotted in August on D-Link routers in Brazil has expanded to affect more than 70 different devices and more than 100,000 individual piece of kit.

Radware first identified the latest campaign, which started as an attack on Banco de Brasil customers via a DNS redirection that sent people to a cloned Website that stole their credentials.

Read more...

Major Vulnerabilities Disclosed

Vulnerable Android password managers make phishing attacks easier

Android password managers can be tricked into entering valid login credentials into phishing apps, a group of researchers has discovered.

They have also found that Instant Apps, a Google technology that allows users to “try” Android apps without the need to fully install them, can make phishing attacks more practical.

 

Read more...

Telegram leaked IP addresses of its desktop app users

Telegram, a popular privacy-focused instant messaging application, reportedly contained a bug that can leak the IP addresses of users.

Known for providing end-to-end encryption, Telegram's desktop app has been discovered to be leaking not just public but private IP addresses of its users by-default during voice calls and users cannot turn off the feature.

Read more...

Legal, Regulatory and Corporate
Security and Beyond

Facebook hack highlights importance of cyber risk procedures for employees

The recent data breach that saw hackers gain access to over 50 million Facebook users’ accounts, has once again highlighted the need for businesses to adequately manage their cyber security risks.

It particularly indicates the importance of having robust policies and procedures in place for employees. Employees need to understand the importance of basic online security measures such as smart password management.

Read more...

iOS crypto-mining and spreading via malicious content delivery system

Early 2018, researchers published 2 blog posts about Roaming Mantis sharing details of this new cybercriminal campaign. In the beginning, the criminals used DNS hijacking in vulnerable routers to spread malicious Android applications of Roaming Mantis, spoofing legitimate applications such as Facebook and Chrome.

The malware now supports 27 languages, including multiple countries from Asia and beyond, Europe and the Middle-East. In addition, they have started using web crypto-mining for PC, and an Apple phishing page for iOS devices.

Read more...

Security Awareness Tip

Proper disposal of information/data

Destroy/shred hard copy confidential documents that contain personal information such as social security numbers, credit card numbers, bank account numbers, health records.

Ensure you are using the right tools when destroying and disposing of personal information or media storage from your computer and mobile devices.

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.


Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed