Silensec Newsletter

Category: News

Top News

Ongoing attack stealing credit cards from over a hundred shopping sites

Researchers from Chinese cybersecurity firm Qihoo 360's NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites.

While monitoring a malicious domain, the researchers found that the attackers have been injecting malicious JS scripts hosted on this domain into hundreds of online shopping websites.


Online predators and social media platforms on Morrison's agenda

After ramming Australia's abhorrent video streaming legislation through Parliament last month, Prime Minister Scott Morrison has announced further social media platform crackdowns on his agenda, should his government be re-elected later this month.

Mr. Morrison said he would have social media platforms and online predators and trolls in his sights under his leadership, in a new plan that aims to protect children, families, and the community.


Major Hacks of the Week

Hackers Steal $40 Million in Bitcoin From Cryptocurrency Exchange Binance

According to reports by the CEO of Binance, hackers took bitcoins from a hot wallet that stored roughly 2% of the company's total holdings. According to Mr. Zhao no other wallets were impacted and assured customers that its Secure Asset Fund for Users (SAFU) emergency insurance fund will cover the losses. The hack, which Binance described as "a large scale security breach."


A hacker has taken over at least 29 IoT botnets

Hacker dubbed "Subby," brute-forced the backends of 29 IoT botnets that were using weak or default credentials. The hacker ‘Subby’ took over tweenty nine IoT botnets in the past few weeks brute-forcing the back end panels of their command and control servers. The hacker accessed to the control panels that were secured with weak credentials.

Subby explained that he was able to gain control over a total of more than 40,000 devices in just a week, a disconcerting firepower that could be potentially abused by several threat actors.


Major Vulnerabilities Disclosed

Hackers exploit Jenkins flaw CVE-2018-1000861 to Kerberods malware

Security expert recently uncovered an ongoing malicious campaign that is targeting vulnerable Apache Jenkins installs to deliver a Monero cryptominer dubbed Kerberods. According to the experts, attackers are exploiting the CVE-2018-1000861 vulnerability in the Stapler HTTP request handling engine used by Jenkins servers.

According to the researcher, a proof-of-concept (PoC) exploit for CVE-2018-1000861 was released in early March. Marinho noticed some attacks hit one of his honeypots attempting to exploit this Jenkins vulnerability to deliver the Kerberods cryptominer.


Mozilla bug throws Tor Browser users into chaos

Mozilla is currently stuck in the middle of a cybersecurity blunder involving digital signatures. The bug reports doesn't give much more detail than "expired intermediate certificate" problems, but the symptoms are obvious, especially for Tor users.

According to the Tor Browser program, one of the browser add-ons could no longer be trusted and had been turned off - the alert didn't say which one, just that some sort of cybersecurity concern had suddenly arisen.


Legal, Regulatory and Corporate
Security and Beyond

Anonymous Messengers now banned in Russia

On May 5, a government decree on the obligation of the owners of Messengers to identify the users of their resources by telephone number came into force in Russia. The relevant document was signed by Prime Minister Dmitry Medvedev on 6 November 2018. According to the government decree, Messengers should check the information about the registration of the user's phone number with the mobile operator.


Chinese hackers uses NSA tool a year before Shadow Brokers Leak

The Chinese cyberespionage group is tracked as Buckeye, APT3, UPSTeam, Gothic Panda, and TG-0110, and it has been linked by researchers to the Chinese Ministry of State Security. The group was spotted using a tool attributed to the NSA-linked Equation Group more than one year prior to it being leaked by the mysterious Shadow Brokers.


Security Awareness Tip

How has GDPR benefited your companies since it went to effect? 3 ways US companies have benefited

While GDPR has certainly raised a number of legitimate security and compliance concerns for organizations around the world doing business with EU citizens, it has also pushed them to improve data privacy efforts and strengthen their overall risk posture.

Here are three ways U.S. organizations have greatly benefited from GDPR, according to security reporter:

  1. GDPR has prompted organizations to improve their incident response strategies
  2. GDPR has forced organizations to take internet of things (IoT) security more seriously
  3. GDPR has better prepared organizations for U.S. data privacy regulations

How the GDPR compliance been treating your company?


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.

Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed