Silensec Newsletter


Top News

Cisco addresses flaws in HyperFlex and Prime Infrastructure

Cisco released security patches that address more than a dozen issues in its products, including high severity vulnerabilities affecting HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Security updates fix two High risk security flaws in HyperFlex software.

The first one is a command injection vulnerability (CVE-2018-15380) in the cluster service manager of the application, caused by insufficient input validation. It could be exploited by an attacker to run commands as the root user.


Researcher earns $10,000 for another XSS flaw in Yahoo mail

A researcher says he has discovered yet another critical cross-site scripting (XSS) vulnerability in Yahoo Mail. The recently patched flaw could have been exploited to steal the targeted user’s emails and attach malicious code to their outgoing messages.

A malicious actor could have exploited the security hole to silently forward the victim’s emails to an external website, change the compromised Yahoo account’s settings, and create an email virus that would attach itself to the signature of all outgoing emails.

The bug existed due to failure to properly filter potentially malicious code in HTML emails.


Major Hacks of the Week

Tampa mayor's Twitter hacked, used to send bomb and ballistic missile threats

A hacker took over the Twitter account of Tampa Mayor Bob Buckhorn and sent out a fake ballistic missile warning and a bomb threat from the compromised account.

In a series of tweets that have since been deleted, the threat actor sent a fake bomb threat to Tampa International Airport and said there was a ballistic missile headed to the Tampa area.


LPG Gas Co. leaked details, Aadhaar numbers of 6.7M Indian customers

Security researchers have discovered that the official website of popular state-owned LPG gas company Indane is leaking personal details of its millions of customers, including their Aadhaar numbers.

An Aadhaar number is a unique number assigned to each citizen as part of India's biometric identity programme, maintained by the government's Unique Identification Authority of India (UIDAI).


Major Vulnerabilities Disclosed

Microsoft publishes security alert on IIS bug that causes 100% CPU usage spikes

The Microsoft Security Response Center published yesterday a security advisory about a denial of service (DoS) issue impacting IIS (Internet Information Services), Microsoft's web server technology.

The advisory says that there are circumstances in which IIS servers processing HTTP/2 requests can cause CPU usage to spike to 100 percent, effectively blocking or slowing down the entire system.


Millions of medical advice calls exposed in Sweden

Calls recorded by a Swedish national health service hotline were stored on an unencrypted system that was publicly accessible to anyone with an internet connection, it has emerged.

An estimated 2.7 million phone calls were discovered to have been left open by an unprotected NAS (network attached storage) system, and were accessible without a password or any authentication, according to local reports.


Legal, Regulatory and Corporate
Security and Beyond

The weird rise of cyber funerals

Your online data is a bit like single-use plastic: there’s tonnes of the stuff and it’s very hard to get rid of. When you die, your physical body will slowly decay, or be sent to a crematorium or dissolved in a tank filled with potassium hydroxide. But that pesky digital corpse?

This is going to be around for a while, like a data soul stuck in online purgatory, never to receive salvation. Unless, of course, you set it free.

All you need to do is organise a cyber funeral. Thanks to recent changes to privacy legislation in Europe and South Korea aimed at protecting the living, we now have more power than ever over our personal information – even from beyond the grave.


Criminal groups promising salaries averaging $360,000 per year to accomplices

New research reveals that criminal groups are promising salaries averaging the equivalent of $360,000 per year to accomplices who can help them target high-worth individuals, such as company executives, lawyers and doctors, with extortion scams.

One principal method of extortion where criminals deem potential victims to be particularly vulnerable is so-called 'sextortion'.

Researchers tracked a sample of sextortion campaigns and found that from July 2018 to February 2019 over 89,000 unique recipients faced some 792,000 extortion attempts against them.


Security Awareness Tip

How the IoT could assist with higher-quality water supplies

No resource on earth is more important than the water supply. The good news is that technology gets better almost by the day when it comes to our use of the earth's water supply.

The Internet of Things comes to the rescue around the world. IoT means a lot for higher-quality water supplies throughout the world.

In particular, the vast capabilities of the Internet of Things come to the rescue for municipalities, farmers, companies and other organizations around the world, including:

  • Sensors for Wastewater Plant Management
  • Better Tools and Prediction for Agriculture
  • Smart Metering for Home and City Water Usage


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and the Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor.

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in the UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of the Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.

Please feel free to share this with interested parties via email and social media. For a free subscription, please subscribe to our mailing list and feed.
