Silensec Newsletter

Top News

773M email addresses, 21M passwords for sale on hacker forum

According to technology reporter Jai Vijayan, a folder with over 12,000 files containing nearly 773M email addresses and over 21M unique passwords from numerous previous data breaches has been posted online in another massive leak of credential data.

The 87 GB of data was discovered on the cloud storage service Mega and has been uploaded to the Have I Been Pwned (HIBP) service, where individuals can check whether their email addresses are on the list.


Mozilla to disable Adobe Flash by default: Looks like Firefox 69's first in line!

Mozilla recently announced that Firefox 69 will no longer support Adobe Flash due to a large number of serious flaws exploited by hackers in attacks over the years.

The decision was first made public by Adobe in July 2018, when the software giant declared it would stop using Flash Player and stop providing security updates by the end of 2020.


Major Hacks of the Week

North Korean hackers infiltrate Chile's ATM network after Skype job interview

A Skype call and a gullible employee were all it took for North Korean hackers to infiltrate the computer network of Redbanc, the company that interconnects the ATM infrastructure of all Chilean banks.

The prime suspect behind the hack is the hacker group known as Lazarus Group, one of the most active and dangerous hacking groups around, known to have targeted banks, financial institutions, and cryptocurrency exchanges in past years.


Hackers take over a construction crane!

Hacking a crane at a construction site might seem like an impossible act for cybercriminals. It just appears so unbelievable. After all, what would they get by hacking a crane?

Researchers claim that construction cranes are extremely vulnerable to hackers, who can exploit them to cause destruction.

The researchers also released a video to explain how a construction crane can be hacked.


Major Vulnerabilities Disclosed

Fortnite flaws allowed hackers to take over gamers' accounts

Researchers have discovered multiple security vulnerabilities in Fortnite, a massively popular online battle game, one of which could have allowed remote attackers to completely take over player accounts just by tricking users into clicking a seemingly harmless link.

The reported Fortnite flaws include a SQL injection, a cross-site scripting (XSS) bug, a web application firewall bypass issue and, most importantly, an OAuth account takeover vulnerability.


Radio frequency remote controller weaknesses have serious safety implications

A report released by Trend Micro details the inherent flaws and new vulnerabilities in radio frequency (RF) remote controllers found and disclosed through the Zero Day Initiative (ZDI).

The report demonstrates how an attacker could persistently and remotely take control of, or simulate the malfunction of, the attacked machinery.


Legal, Regulatory and Corporate
Security and Beyond

Criminals wielding Ryuk ransomware specialise in targeting enterprises

According to an article by Zeljka of Help Net Security, a cybercriminal group dubbed Grim Spider has been using the Ryuk ransomware exclusively to target enterprises and has managed to amass over 705 Bitcoins (around $3.7 million) from its victims in less than six months.


GoDaddy removes JavaScript injection which tracks website performance, but might break it too

GoDaddy is injecting JavaScript into customer websites for tracking purposes, which may slow down websites or break them entirely.

According to programmer Igor Kromin, issues with his own website's admin interface, hosted by the popular web hosting service, prompted him to examine the code to detect any problems.


Security Awareness Tip

Data Privacy in an Era of Compliance: Are You Cyber Secure?

Data privacy for individuals means reviewing privacy settings on social media, being mindful of entering data into websites, and taking ownership of one's online identity.

The internet is full of data about you. Whenever you shop, browse websites, or use any of numerous apps, your activity and some of your personal information may be collected and shared. Use the following steps to protect yourself:

  1. Know what you are sharing.
  2. Guard your date of birth and telephone number.
  3. Keep your work and personal presences separate.

Protect the information, identity, and privacy of others by following these steps:

  1. Know what resources are available at your institution.
  2. Know what policies are in place at your institution.
  3. Keep constituents' personal information confidential.
  4. Only use data for its intended purpose.
  5. Destroy or de-identify private information you no longer need.


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and the Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor.

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in the UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of the Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelor of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.
