Silensec Newsletter

Category: News

Top News

Backdoor code found in popular Bootstrap-Sass Ruby library

Backdoor code was found added in a popular Ruby library used for frontend user interfaces inside Ruby and Ruby on Rails applications. The malicious code was removed via a library update.

The library affected by this incident is Bootstrap-Sass, a Ruby package that provides developers with a Sass-version of Bootstrap, the most popular UI framework for developers today.


540 million Facebook user records found on unprotected Amazon servers

Two companies exposed more than 540 million records containing information on Facebook users and their activities by leaving the data unprotected in Amazon Web Services (AWS) S3 buckets. Researchers identified an unprotected S3 bucket belonging to a Mexico-based digita media publisher named Cultura Colectiva, which publishes content for sharing on social media networks, has nearly 24 million followers on Facebook.

The second exposed AWS bucket was associated with a defunct application called “At the Pool.” This database also stored information on Facebook customers and their interests, but it also included names, email addresses and plaintext passwords for 22,000 users.


Major Hacks of the Week

College students allegedly scammed Apple out of nearly $1M in iPhone replacements

Two Chinese engineering students in Oregon allegedly scammed Apple out of hundreds of thousands of dollars in iPhone replacements and are now facing criminal charges in federal court. Authorities allege the students pulled off a convoluted scheme in order to wring Apple of the cash by using counterfeit devices and exploiting Apple's return policy.


3.1 million customer records possibly stolen in Toyota hack

Personal information of some 3.1 million Toyota customers may have been leaked outside the company, the Toyota Motor Corporation TMC announced on Friday. The announcement comes a few weeks after Toyota Australia said they have been "the victim of an attempted cyberattack".


Major Vulnerabilities Disclosed

Cisco Fixes Incomplete Patch for RV320 and RV325 Routers, Including Two New Bugs (CVE-2019-1827, CVE-2019-1828)

Cisco acknowledged that it bungled a crucial patch for a vulnerability in two router models. The company's shoddy initial patches allowed hackers to continue attacks throughout the past two months.

The security flaws impact Cisco RV320 and RV325 WAN VPN routers, two models popular with internet service providers and large enterprises.


Computer systems in the City of Albany hit in ransomware attack

Computer systems in the City of Albany, New York, were infected with ransomware over the weekend that disrupted some municipal computers. According to Albany Mayor Kathy Sheehan, no personal information belonging to government workers or residents was compromised during the ransomware attack.


Legal, Regulatory and Corporate
Security and Beyond

Bots are disrupting Airline ticket sales

Who knew so much bad-bot activity was going on in the airline ticketing business?

In recent months, airlines have faced an uptick in nefarious activity by bad actors, a sign that this industry is ripe with information that can be used for monetary gain or to wreak havoc.

The high-profile breaches at Cathay Pacific and British Airways have illuminated the industry'€™s struggle to prevent and mitigate cyber attacks, but customer data is not the only incentive for bad actors to attack airlines. Sheer profit is, however.


Women are increasingly climbing the cybersecurity leadership ladder.

The newest generation of professional entrants into cybersecurity is decidedly more female than in the past. 45% of women surveyed are millennials, compared to just 33% of men.

This estimate is a higher percentage than in past reports in part due to the adoption of a new sample methodology that creates a more accurate and holistic representation of the cybersecurity and IT/ICT professionals responsible for securing their organizations critical assets.


Security Awareness Tip

What is shadow mining and why is it a security threat?

According to a survey by helpnet, organizations seem to be ignoring the security threat, shadow mining, which is a form of shadow IT, and occures when a malicious insider compromises their company machine to illicitly mine cryptocurrency.

Security expert advices that companies invest on technologies that will enable them monitor who is on their network and what they are doing, to ensure the most effective ways of mitigating both internal and external security threats like shadow mining and cryptojacking


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.

Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec HQ (Cyprus)

Silensec Africa

Silensec UK


Silensec Corp. (USA)

  • Address: 251 Little Falls Drive, Wilmington, New Castle County, DE 19808, USA
  • Email:
  • Tel.: 1-800-959-0163 (toll-free)
  • Web: 

News Feed