Silensec Newsletter

Category: News

Top News

CoinHive Cryptocurrency mining service will shut down on March 8, 2019

The popular in-browser cryptocurrency mining service Coinhive has announced that it will shut down on March 8, 2019.

This has made headlines across the years because it was used by crooks to abuse computational resources of the victims that were visiting compromised websites hosting the Coinhive script.

It was initially launched as a legitimate service for site administrators to generate revenue from the traffic visiting their websites, when unaware, users visit compromised websites, the script starts using their computers' processing power to mine cryptocurrency


Facebook apps secretly sending sensitive data back to the mothership

A trio of privacy earthquakes shook Facebooklandia on recently: 11 3rd-party apps seem to be sharing consumer sensitive data with Facebook, New York’s governor called on two state agencies to investigate this “secret” sharing of health and financial data.

60 pages of un-redacted legal documents from a lawsuit between Facebook and app developer Six4Three were anonymously posted on GitHub.


Major Hacks of the Week

The arsenal behind the Australian parliament hack

A cyber attack targeted a high profile target on the APAC area: the Australian parliament house ,reports says there was no evidence of any information theft and the attack has been promptly isolated and contained by the Australian CyberSecurity Centre ACSC, however the attackers gained access the ruling Liberal and National coalition parties networks as well as the opposition Labor Party, just a few months before the federal election.


Students arrested for 'hacking over 20 websites'

The cyber unit of Bogura police has arrested 21 year old Bashir Ullah Sarder, and 19yr old Azhar Uddin Abir on charges of hacking more than 20 websites. According to the law enforcers the two used codenames - FabiHaxor and 4zuc0d3r - respectively and used to work for a hackers’ group named BlackWeb.


Major Vulnerabilities Disclosed

Cobalt strike bug exposes attacker infrastructure

A recently addressed vulnerability in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers, Fox-IT security researchers reveal.

The bug, which was addressed in January with the release of Cobalt Strike version 3.13, consisted of an uncommon whitespace in server responses and had been leveraged by researchers to identify Cobalt Strike servers for one and a half years.


Adobe patches ColdFusion vulnerability exploited in the wild

Adobe has released out-of-band updates for its ColdFusion web application development platform to address a critical vulnerability that has been exploited in the wild.Â

The zero-day flaw, tracked as CVE-2019-7816, has been described by the vendor as a file upload restriction bypass issue that could lead to arbitrary code execution in the context of the ColdFusion service.

The security hole has been addressed in ColdFusion 11, ColdFusion 2016 and ColdFusion 2018. In addition to installing the updates as soon as possible, Adobe has advised users to apply security configuration settings as shown in the platform’s lockdown guides and the ColdFusion security page.


Legal, Regulatory and Corporate
Security and Beyond

Privacy Foundation says privacy 'severely' underestimated in rushing through CDR

The Australian Privacy Foundation (APF) believes the privacy safeguards currently in place for the impending Consumer Data Right (CDR) are not sufficient, and that the government has "severely" underestimated the need for more thought across the entire legislative change.

The APF suggested that such issues could be rectified through conducting, and then implementing recommendations, from a "rigorous and independent" external privacy impact assessment.


New Thai laws allow government to access information without warrants

The Thailand military government passed a cybersecurity law that will give sweeping powers to state cyber agencies allowing state officials to seize, search, infiltrate, and make copies of computers, computer systems, and information in computers without a court warrant.

Relevant courts only need to be informed of such actions after they have already occurred.Â


Security Awareness Tip

How cloud storage providers can preempt cyber attacks with business continuity

Cloud storage is now an integral part of almost every enterprise infrastructure and, as a result, security has become one of the most crucial elements of any cloud storage provider’s operation.

Cloud storage providers are responsible for the protection of millions of users’ data, and they can’t afford to ignore business continuity and risk management. Fortunately, there are proactive steps that can enable effective response when cyber crises strike. For example:

  1. Align risk management resources

  2. Build a centralized source of risk data

  3. Establish automatic workflows that allow all parties to move as one


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.

Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed