Silensec Newsletter

Category: News

Top News

US China-watcher warns against Middle Kingdom tech dominance

Another U.S. government panel has warned of the dangers of over-reliance on Chinese tech vendors: the US-China Economic and Security Review Commission.

The commission released its 2018 annual report today, and in it warned that China's plans to dominate two key tech sectors - the Internet of Things, and 5G - represented a threat to US critical infrastructure.


Microsoft patches windows zero-day used by multiple cyber-espionage groups

Microsoft released today its monthly roll-up of security patches known as Patch Tuesday. This month, the Redmond-based company has fixed 62 security flaws.

Among the 62 fixes, there is also a fix for a zero-day vulnerability that was under active exploitation before today's patches were made available.

The zero-day, tracked as CVE-2018-8589, impacts the Windows Win32k component.


Major Hacks of the Week

WordPress GDPR plugin inadvertently exposed sites to hackers

Attackers have been exploiting a flaw in a WordPress GDPR-compliance plugin to hijack vulnerable websites and implement remote code execution.

The flaw had been present in Wordfence's GDPR Compliance plugin for at least four months and, ironically, allowed hackers to gain access to a site using the tool.

Hackers could then execute any action and update any database value.


Hacking the hackers - IoT botnet author adds his own backdoor on top of a ZTE router backdoor

A weaponized IoT exploit script is being used by script kiddies, making use of a vendor backdoor account to hack the ZTE routers. Ironically, this is not the only backdoor in the script.

Scarface, the propagator of this code has also deployed his custom backdoor to hack any scriptkiddie who will be using the script.


Major Vulnerabilities Disclosed

Facebook flaw could have exposed private info of users and their friends

A new security vulnerability has been reported in Facebook, the flaw could have been exploited by attackers to obtain certain personal information about users and their network of contacts.

The recently discovered issue raises once again the concerns about the privacy of the users of social network giant.

The vulnerability was discovered by security experts from Imperva, it resides in the way Facebook search feature displays results for queries provided by the users.


Card skimming malware removed from Infowars online store

Malware capable of secretly recording payment card details was removed today from the Infowars online store after ZDNet reached out to the company's staff.

The malware, categorized as a generic Magecart infection, was spotted earlier today during a cursory scan by Dutch security researcher Willem de Groot.


Legal, Regulatory and Corporate
Security and Beyond

Mark Zuckerberg ordered all Facebook executives to use Android phones

Facebook CEO ordered his management team to only use Android phones, given that the operating system has more total users worldwide.

According to a report by The New York Times, the decision reportedly occurred after Apple CEO Tim Cook criticized Facebook in an MSNBC interview for being a service that traffics "in your personal life."


Anonymous use of messengers in Russia is prohibited

After 180 days, all messengers will be required to identify their users by phone numbers of operators.

Prime Minister Dmitry Medvedev signed a government resolution approving the relevant rules last week. He believes that this is necessary for the safety and convenience of users.

The administrators of the messenger will check the information about the correctness of the number.


Security Awareness Tip

6 Cyber Security tips for employees

  • Take the words out of passwords. Remember this simple adage: the best possible password is one that you don't know.
  • Phish yourself. The best training is live training.
  • Keep multiple lines of internal communication.
  • Use Multi-Factor Authentication.
  • Stay off public WiFi.
  • Don't ignore application updates.


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.

Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed