Silensec Newsletter

Category: News

Top News

Google Public DNS now supports DNS-over-TLS

Google Public DNS is the world'€™s largest public Domain Name Service (DNS) recursive resolver, allowing anyone to convert Internet domain names like www(dot)example(dot)com into Internet addresses needed by an email application or web browser.

Starting today, users can secure queries between their devices and Google Public DNS with DNS-over-TLS, preserving their privacy and integrity.


Blacklisted Kaspersky Tips NSA on security breach

Computer security firm, Kaspersky Labs helped NSA spy agency to uncover one of its worst-ever security breaches: one year before the US banned the company's products for government use, US media has reported.

Reports say the Moscow-based maker of anti-malware products told the NSA that one of its contractors, Harold Martin, had contacted it via cryptic messages on Twitter.

This came shortly before unknown hackers made available on the internet an assembly of advanced hacking tools used.


Major Hacks of the Week

Hackers Using Zero-Width Spaces to Bypass MS Office 365 Protection

Security researchers have been warning about a simple technique that cybercriminals and email scammers are already being using in the wild to bypass security features of Microsoft Office 365, including Safe Links, which are originally designed to protect users from malware and phishing attacks.

Safe Links has been included by Microsoft in Office 365 as part of its ATP (Advanced Threat Protection) solution that works by replacing all URLs in an incoming email with Microsoft-owned secure URLs.


Iran-Linked DNS hijacking attacks target organisations worldwide

A DNS hijacking campaign targeting organizations in various sectors around the world may be the work of the Iranian government.

The attacks, which may have been carried out by one or more threat groups, have been aimed at government agencies, ISPs and other telecommunications providers, Internet infrastructure entities, and sensitive commercial organizations located across the Middle East, North Africa, North America and Europe.


Major Vulnerabilities Disclosed

Better get patching: 19 serious vulnerabilities in Juniper Networks kit

Juniper Networks has had its first big bug day in months, with 19 patches announced covering everything from third-party package catchups to critical errors in password handling.

First on the critical list is CVE-2019-0006, which affects Junos OS 14.1X53, 15.1, and 15.1X53 running on EX, QFX and MX units. A crafted HTTP packet can be sent to the target, and this "can result in a crash of the fxpc daemon or may potentially lead to remote code execution".


3 bugs found in the popular Linux suite systemd

Security experts disclosed three flaws in the systemd, a software suite that provides fundamental building blocks for Linux operating systems.

The three flaws, CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866 were found in a component of systemd, a software suite that provides fundamental building blocks for a Linux operating system used in most major Linux distributions.


Legal, Regulatory and Corporate
Security and Beyond

Canadian senator's personal data leaked online in apparent Twitter hack

Conservative Senator Linda Frum’s Twitter account was hacked recently, with those responsible sharing personal information including her drivers license and using racial slurs in their Tweets.

The Tweet then shared an image of both the front and back of her drivers licence, showing personal information including her address.


NSA will reveal its GHIDRA Reverse Engineering tool at RSA Conference

The National Security Agency NSA will release at the next RSA Conference a free reverse engineering framework called GHIDRA. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, macOS, and Linux).

The framework was first mentioned in the CIA Vault 7 dump that was leaked in 2017. WikiLeaks obtained thousands of files allegedly originating from a CIA high-security network that details CIA hacking techniques, tools, and capabilities.


Security Awareness Tip

RECAP: 5 things we need to know about cybersecurity

Involving employees in the company’s cybersecurity protocol converts them from being the source of the problem to actually becoming part of the solution. Having staff members who at least know the general cybersecurity best practices takes a load off the company’s IT managers who are on the front lines of cyber defense. Below are 5 tips:

  1. Ensure password protection
  2. Sensitive data privacy
  3. Network safety awareness
  4. Identifying possible threats
  5. Threat/breach report procedure

Employees are the weakest link to a company’s cybersecurity. This is why they should be trained on at least the basics of cybersecurity. This is just the tip of the iceberg, though. Employees should be provided with specific training and further education to improve their cybersecurity knowledge and awareness.


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.

Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed