Silensec Newsletter

Category: News

Top News

HawkEye malware operators renew attacks on business users

Researchers have reported an increase in HawkEye v9 keylogger infection campaigns targeting businesses around the world. In campaigns observed by the researchers in April and May 2019, the HawkEye malware focused on targeting business users, aiming to infect them with an advanced keylogging malware that can also download additional malware to their devices.


Mozilla returns crypto-signed website packaging spec to sender - yes, it's Google

Mozilla recently published a series of objections to web packaging, a content distribution scheme proposed by engineers at Google that the Firefox maker considers harmful to the web in its current form.

Google engineers talked up the tech, which consists of several related projects that allow website resources to be packaged and cryptographically signed for redistribution by third parties. Making websites portable, Google contends, facilitates more efficient delivery, easier sharing and offline access.


Major Hacks of the Week

Hackers infect 50,000 MS-SQL and PHPMyAdmin servers with rootkit malware

Cybersecurity researchers have published a report on a widespread cryptojacking campaign attacking Windows MSSQL & PHPMyAdmin servers worldwide. Dubbed nansh0u, the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group who has already infected nearly 50k servers and are installing a sophisticated kernel-mode rootkit on compromised systems to prevent the malware from being terminated.


Flipboard database hacked - users' account information exposed

Flipboard, a popular social sharing and news aggregator service used by over 150 million people, has disclosed that its databases containing account information of certain users have been hacked. According to a public note published by the company, unknown hackers managed to gain unauthorized access to its systems for nearly 10 months - between June 2, 2018, and March 23, 2019, and then again on April 21-22, 2019.


Major Vulnerabilities Disclosed

Google white hat hacker found code execution flaw in Notepad

A popular white hat hacker recently announced the discovery of a code execution vulnerability in Microsoft’s Notepad text editor. Tavis Ormandy, Google Project Zero researcher, announced the discovery of a code execution flaw in Microsoft’s Notepad text editor.

He reported the issue to Microsoft and will wait 90 days according to Google vulnerability policy disclosure before revealing technical details of the flaw. Of course, Ormandy could also disclose the details of the vulnerability after Microsoft will release a security patch to address the issue.


New hiddenWasp malware found targeting Linux systems

Security researchers have found a new strain of Linux malware that appears to have been created by Chinese hackers and has been used as a means to remotely control infected systems. Named hiddenwasp, this malware is composed of a user-mode rootkit, a trojan, and an initial deployment script.

The malware has a similar structure to another recently, discovered Linux malware strain, the Linux version of Winnti, a famous hacking tool used by Chinese state hackers.


Legal, Regulatory and Corporate
Security and Beyond

Japan to restrict Foreign Tech investment on security fears

The Japanese government is set to restrict foreign ownership of domestic firms in key tech areas on national security grounds, in a move which echoes America's recent attempts to restrict Chinese companies. Announced on Monday, the new rules will add the manufacturing of chips, telecoms equipment, mobile phones and other sectors to already restricted areas like nuclear equipment and arms.


Major hotel management company leaks 85GB of security log data

Shane McGlaun, a security researcher, reported yet another significant hack of a hotel management company that backs some of the largest hotel chains in the world. The hotel management company in question is Pyramid Hotel Group, and it manages many Marriott locations.

The company had a server that left an unsecured database containing security logs that could give nefarious types an idea about cybersecurity weaknesses of the hotels.

The unprotected database was discovered by VPNMentor researchers that uncovered the exposed security logs while using port scanners to map areas of the internet.


Security Awareness Tip

Have you been practicing safe clicking?

How would you tell if a link is safe without clicking on it? Even the best security software would not protect you from the headaches encountered if you clicked an unsafe link. Always be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, do not click on it.

Ensure that you double check the URL of the website the link takes you to: bad actors will often take advantage of spelling mistakes to direct you to a harmful domain.

Think you can spot a phony website?


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.

Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec HQ (Cyprus)

Silensec Africa

Silensec UK


Silensec Corp. (USA)

  • Address: 251 Little Falls Drive, Wilmington, New Castle County, DE 19808, USA
  • Email:
  • Tel.: 1-800-959-0163 (toll-free)
  • Web: 

News Feed