Silensec Newsletter

Category: News

Top News

Capital One gets capital done: Hacker swipes personal info on 106 million US, Canadian credit card applicants

Capital One has disclosed that it has suffered a data breach impacting 100 million people in the United States, and 6 million in Canada.

The company said in a statement that the data accessed dates from between 2005 and 2019 and relates to information on consumers at the time they applied for a credit card.


Honda Motor Company leaks database with 134M rows of employee computer data

Honda Motor Company, one of the largest automobile manufacturers in the world, misconfigured an ElasticSearch database containing approximately 134 million documents, amounting to roughly 40GB of internal data.

The information available in the database appeared to be something like an inventory of all Honda internal machines.


Major Hacks of the Week

Hacking campaign is wiping Iomega NAS Devices exposed online

Security experts are warning of a campaign carried out by attackers who are deleting files on publicly accessible Lenovo Iomega NAS devices.

The attackers likely use the Shodan search engine to find unprotected Iomega NAS devices exposed online and access them through the publicly accessible web interface.

Once the devices are wiped, the attackers leave a ransom note demanding payment in Bitcoin. It is not clear whether the attackers will give the files back to the victims after payment.


Massive Botnet attack used more than 400,000 IoT Devices

A massive botnet attack earlier this year utilized more than 400,000 connected devices over the course of 13 days, according to researchers at the security firm Imperva.

The attack, which occurred between March and April at one of the firm's clients in the "entertainment industry," targeted an online streaming application, Imperva says in a blog.


Major Vulnerabilities Disclosed

Critical flaws found in VxWorks RTOS that powers over 2 billion devices

Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries.


Series of Zero-Day vulnerabilities could endanger 200 million devices

A series of vulnerabilities in a real-time operating system (RTOS) could leave up to 200 million devices open to exploit. Those devices include everything from network firewalls to medical devices.

The vulnerabilities aren't theoretical - the exploits have been demonstrated - and many of the affected devices haven't been touched or actively managed in years.


Legal, Regulatory and Corporate
Security and Beyond

As Internet of Things enters nappies, 'SMART' babycare could have its drawbacks

Pampers in the US announced the launch of a new line of “smart” nappies that can alert parents when babies need their nappies changed. It signals a future where parents become overly reliant on technology to make parenting decisions.


All-female hackathon to take place in South Africa

GirlCode is aiming to empower young girls and women through technology. This is why they've announced the dates for their sixth and last annual GirlCode Hackathon. The event is set to take place on the 3rd & 4th August 2019 in Cape Town and Pretoria.

The #GirlCodeHack has developed into the largest all-female hackathon in South Africa, with over 300 participants expected.


Security Awareness Tip

Keep a record of the data you hold: you are legally required to keep a record of the personal data you hold, as well as where and when you acquired the data and whoever you may have shared it with.

You will need to maintain records of your data processing, which will help you comply with the GDPR's accountability principle. This principle requires a company to show proof of how it complies with the data protection principles.

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and the Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor.

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in the UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of the Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelor of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.
