Silensec Newsletter

Category: News

Top News

Save the Children Foundation duped by hackers into paying out $1 million

Save the Children Foundation has revealed that the charity was targeted by fraudsters last year, leading to the loss of $1 million.

Speaking to the Boston Globe, the US arm of the non-profit, which supports children worldwide, said that con artists managed to compromise an employee's email account in order to masquerade as the staff member in question.


Fraudster convicted of online banking thefts using...whatever the hell this thing is

Police in London have put away a fraudster who was using a bizarre homemade device to con people out of the contents of their bank accounts.

London's Metropolitan Police say that the 53 year-old man has admitted to nine counts of possession of an article for use in fraud and two counts of making or supplying an article for use in fraud. He has been sentenced to 20 months in prison.


Major Hacks of the Week

Iran Hackers Hunt Nuke Workers, US Officials

The AP drew on data gathered by the London-based cybersecurity group Certfa to track how a hacking group often nicknamed Charming Kitten spent the past month trying to break into the private e-mails of more than a dozen U.S. Treasury officials.

Also on the hackers’ hit list: high-profile defenders, detractors and enforcers of the nuclear deal struck between Washington and Tehran, as well as Arab atomic scientists, Iranian civil society figures and D.C. think tank employees.


Cyber attack hit the Italian oil and gas services company Saipem

Saipem has customers in more than 60 countries, including Saudi Arabian oil and gas giant Saudi Aramco. It could be considered a strategic target for a broad range of threat actors.

The attack has been identified out of India on Monday and primarily affected the servers in the Middle East, including Saudi Arabia, the United Arab Emirates, and Kuwait. Main operating centers in Italy, France and Britain had not been affected.


Major Vulnerabilities Disclosed

Ships infected with ransomware, USB malware, worms

Ships suffer from the same types of cybersecurity issues as other IT systems, a recent document released by the international shipping industry reveals.

The document is the third edition of the "Guidelines on Cyber Security onboard Ships,"Â an industry-approved guide put together by a conglomerate of 21 international shipping associations and industry groups.


WordPress botnet composed of +20k installs targets other sites

Experts from security firm Wordfence uncovered a botnet composed of over 20,000 WordPress sites that is being used to compromise other websites running on the popular CMS and recruit them.

The botnet is used by attackers to carry out brute force attacks against other WordPress sites, according to Wordfence Defiant Threat Intelligence team, the botnet has already generated over 5 million authentication requests.


Legal, Regulatory and Corporate
Security and Beyond

UK white hats blacklisted by Cisco Talos after smart security code stumbles

UK security training company Hacker House briefly had its site blocked after being mistaken for malware by Cisco's security wing Talos' smart "threat intelligence" software.

Hacker House runs training classes on ethical hacking and defense techniques, as well as its own business security services in areas like penetration testing or network analysis.

But on Wednesday morning things started to go awry.


Linux(dot)org defaced via DNS hijack

The Linux(dot)org community website was defaced last week after someone gained access to its associated registrar account and modified DNS settings.

The defacement page was changed a few times, but it included an obscene picture, racial slurs, and a protest against the new Linux kernel developer code of conduct.

It also showed links and redirected users to a Twitter account (@kitlol5) believed to be operated by the hacker.


Security Awareness Tip

IoT security refers to the practice of eradicating vulnerabilities in IoT devices and equipping them with the means to detect, resist and recover from malicious attacks.

Implementing security into your IoT solution involves four steps:

  1. Think of the IoT process from a security-first point of view
  2. Consider how well each vendor engineered their product
  3. Prevent backdoor insertion during product development or deployment by implementing best practices for code review, code logging and operations monitoring
  4. Implement clear security policies and rules to follow in hardware, software and protocols


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.

Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed