Silensec Newsletter

Category: News

Top News

Targeted attacks hit multiple embassies with Trojanized TeamViewer, Kenya included!

Security experts have uncovered a cyberespionage campaign leveraging a weaponized version of TeamViewer and malware disguised as a top-secret US government document to target officials in several embassies in Europe. The targeted attacks aimed at Embassy officials from at least 7 countries (Italy, Kenya, Bermuda, Nepal, Guyana, Lebanon & Liberia), tied to govt revenue related roles and the financial sector.


Facebook EXPECTING to face a fine of up to $5 billion, due to privacy violation!

Facebook expects to face a massive fine of up to $5 billion from the Federal Trade Commission FTC as the result of an investigation into its privacy policies - that's about one month's revenue for the social media giant.

The company had set $3 billion aside in anticipation of the settlement with the FTC, who launched a probe into Facebook following the Cambridge Analytica scandal.


Major Hacks of the Week

Magecart hackers force turnover, steal data from Atlanta Hawks' online shop

According to reports by security researcher Bradley Barth, cybercriminals using Magecart card-skimming code attacked the online store of the NBA's Atlanta Hawks, stealing customers names, addresses and payment card numbers.


Source Code for CARBANAK Banking Malware Found On VirusTotal

Security researchers have discovered the full source code of the Carbanak malware - yes, this time it's for real.

Carbanak - sometimes referred as FIN7, Anunak or Cobalt - is one of the most full-featured, dangerous malware that belongs to an APT-style cybercriminal group involved in several attacks against banks, financial institutions, hospitals, and restaurants.


Major Vulnerabilities Disclosed

Crooks abuse GitHub platform to host phishing kits

Researchers at Proofpoint reported that crooks are abusing free code repositories on GitHub to host phishing websites and bypass security defenses.

Experts discovered that cybercriminals are abusing the GitHub service since at least mid-2017.

Attackers are using stolen brand graphics to make their pages resemble the brand they were abusing.


PDFs are the vehicle of choice for malware and fraud, report says:

There has been a substantial increase of fraudulent PDF files, according to a report by SonicWall Capture Labs threat researchers.

This fraud campaign takes advantage of recipients' trust in PDF files as a "safe" file format that is widely used and relied upon for business operations.

Targets of the phishing style PDF scam campaigns typically receive malicious documents from "businesses" luring victims with attached PDF files that look deceivingly realistic with misleading links to fraudulent pages.


Legal, Regulatory and Corporate
Security and Beyond

Karkoff! New 'DNSpionage' with selective targeting strategy

The cybercriminal group behind the infamous DNSpionage malware campaign has been found running a new sophisticated operation that infects selected victims with a new variant of the DNSpionage malware.

First uncovered late last year, the DNSpionage attacks used compromised sites and crafted malicious documents to infect victims' computers with DNSpionage - a custom remote administrative tool that uses HTTP and DNS communication to communicate with the attacker-controlled command and control server.


Researchers develop new tool for safety-critical software testing

A long-term research effort guided by two researchers at the National Institute of Standards and Technology (NIST) and their collaborators has developed new tools to make this type of safety-critical software even safer.

Augmenting an existing software toolkit, the research team's new creation can strengthen the safety tests that software companies conduct on the programs that help control our vehicles, operate our power plants and manage other demanding technology.


Security Awareness Tip

Wanna improve your cyber risk management this year? Check out these 7 Tips

Effective defense demands a team effort where employees, enterprises, and end users alike recognize their shared role in reducing cybersecurity risks. Below are seven tips for risk management improvement:

  1. Balance risk versus reward.
  2. Use your investments wisely.
  3. Be nimble; make sure your strategy can quickly adapt.
  4. Don’t lose sight of the data - are you asking the right questions?
  5. Re-imagine your security approach; don’t go looking for the silver bullet.
  6. Make security awareness stick.
  7. Think beyond compliance.


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.

Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed