Silensec Newsletter

Category: News

Top News

Instagram bug could have allowed anyone to take over your account

A security researcher from India has won $30,000 in a bug bounty program after he found a flaw in Facebook-owned photo-sharing app Instagram.

Laxman Muthiyah discovered a vulnerability that allowed him to hack any Instagram account without consent permission.

He took over someone's Instagram account by clicking on forget the password or requesting a recovery code against the account.

Read more...

Slack resets passwords for users who hadn't changed it since 2015 breach

Slack has been sending a "password reset" notification email to all those users who had not yet changed passwords for their Slack accounts since 2015 when the company suffered a massive data breach.

For those unaware, in 2015, hackers unauthorisedly gained access to one of the company's databases that stored user profile information, including their usernames, email addresses, and hashed passwords.

Read more...

Major Hacks of the Week

SWEED Hackers target manufacturing, logistics organisations

A threat actor active since at least 2017 has been mainly targeting victims with information stealers and remote access Trojans RATs, Cisco's Talos security researchers explain.

Referred to as SWEED, the group has been observed using malware such as Formbook, Lokibot and Agent Tesla, consistently distributing those via spearphishing emails with malicious attachments across its campaigns.

Read more...

Hackers access Sprint accounts via Samsung website


Sprint, a U.S. telecoms company, has informed some of its customers of a serious security breach that has exposed subscriber information like billing addresses, phone numbers, and other detailed account information.

The breach is a result of vulnerability, the details of which are currently unknown, in a Samsung website advertising an "add a line" feature for active Sprint account holders.

Read more...

Major Vulnerabilities Disclosed

Lenovo confirms 36TB data leak security vulnerability

Lenovo has confirmed that a "high severity" security vulnerability has left users of specific network-attached storage devices with data exposed to anyone who went looking for it. How much data? How does at least 36TB grab you?

That's the number that the security researchers who uncovered the vulnerability in the Lenovo-EMC storage products put on the data leak at the time of the discovery.

Read more...

Zoom RCE flaw also affects Its rebranded versions RingCentral and Zhumu

The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer’s camera. Zoom leaves behind a locally running webserver. An Apple update fixes it, but now we find there are white-label versions of Zoom that come with the same bug.

RingCentral and Zhumu are the two we know about so far, but the Apple update doesn’t fix those. In today’s SB Blogwatch, we switch off all the Macs.

Read more...

Legal, Regulatory and Corporate
Security and Beyond

Malware framework gathers 1 Billion ad impressions in 3 Months

The framework, which has generated significant Google AdSense revenue on a monthly basis, features three separate stages aimed at installing a malicious browser extension to perform fraudulent AdSense impressions, generate likes on YouTube videos, and watch hidden Twitch streams.

The malicious tool works by padding statistics on social sites and ad impressions, thus generating revenue for its operators. Malware is used to create a botnet to target the content and advertising platform via browsers such as Chrome, Firefox, and Yandex.

Read more...

Hacker in DDoS attacks on daybreak games gets two years in prison

Another hacker behind attacks on Daybreak Game Company, a.k.a Sony Online Entertainment, is going to prison. Austin Thompson of Utah will be behind bars for the next 27 months, the U.S. Attorney’s Office for the Southern District of California announced Tuesday.

Thompson, 23, pleaded guilty (official charge: “Damage to a Protected Computer”) in connection with attacks in late 2013 against SOE; his group, “DerpTrolling,” was allegedly behind several denial-of-service attacks on online service for several SOE games, plus Battle.net, League of Legends, and Dota 2 in late 2013.

Read more...

Security Awareness Tip

Crucial Security Requirements your Cloud Vendor Contract should have!

Cloud adoption is now on the rise more than ever. However, despite the interest in moving to the cloud, organisations still struggle with negotiating contracts for cloud-based services, according to SecIntel. One of the key challenges for cloud computing customers is to ensure that contracts include provisions for an appropriate level of security. What should your Vendor Agreement cover?

Below is a cloud contract checklist to ensure you've covered all the necessary security elements in your vendor agreement:

  1. Audits and Assessments
  2. Availability
  3. Compliance Requirements
  4. Data Access
  5. Data Breach or Loss
  6. E-Discovery
  7. Insurance Coverage
  8. Intellectual Property
  9. Legal Transborder Requirements
  10. Litigation Holds
  11. Roles and Responsibilities
  12. Source Code
  13. Termination and Disposal

Know your security requirements to protect your Cloud investments

Read more...

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.


Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed