Silensec Newsletter

Category: News

Top News

Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked

Twitter decided to temporarily disable a feature, called 'Tweeting via SMS,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey and sent a series of racist and offensive tweets to Dorsey's followers.

Dorsey's Twitter account was compromised last week when a hacker group calling itself "Chuckling Squad" replicated a mobile phone number associated with the CEO account and abused this particular feature to post racist, offensive messages and bomb threats from it via SMS.


Oklahoma pension fund reports $4.2 million cyber theft

The FBI is investigating after computer hackers managed to steal about $4.2 million in funds from a pension system for retired Oklahoma Highway Patrol troopers and other state law enforcement officers, state officials said Friday.

A notice posted on the Oklahoma Law Enforcement Retirement System website said the agency notified the FBI and couldn't comment further on details of the breach.


Major Hacks of the Week

Radio Pakistan Website hacked

The website of state broadcasters Radio Pakistan was hacked for a brief period of time on Sunday and was restored successfully. The hackers displayed the following message on the website.

According to the reports, the group of hackers who call themselves ‘Crash Rulers’ have accepted the ownership of the attack. The news of the hacking was released on twitter through the twitter handle name @TheCrashRulers.


Ransomware attack locks out new Bedford city data

New Bedford Mayor disclosed that a variant of the Ryuk virus blocked access to information on 158 city computers in July. The Standard-Times reports the city had previously blamed an unspecified virus.

The attacker demanded a Bitcoin payment equal to $5.3 million.


Major Vulnerabilities Disclosed

Facebook patches "Memory disclosure using JPEG images" flaws in HHVM servers

Facebook has patched two high-severity vulnerabilities in its server application that could have allowed remote attackers to unauthorisedly obtain sensitive information or cause a denial of service just by uploading a maliciously constructed JPEG image file.

The vulnerabilities reside in HHVM (HipHop Virtual Machine) - a high-performance, open source virtual machine developed by Facebook for executing programs written in PHP and Hack programming languages.


Experts found Joker Spyware in 24 apps in the Google Play store

Google has removed from Google Play 24 apps because they were infected with a new spyware tracked as “the Joker.” The spyware is able to steal SMS messages, contact lists and device information along with to sign victims up for premium service subscriptions. The Joker spyware infected users in 37 countries.


Legal, Regulatory and Corporate
Security and Beyond

Hundreds arrested in joint US-Nigeria crackdown on cyber scams.

Nigerian and US authorities said Tuesday that nearly 300 people had been arrested in a months-long global crackdown on online scams to hijack wire transfers from companies and individuals.


UNICEF data leak reveals personal info of 8,000 online learners

The United Nations children’s agency, UNICEF, has inadvertently leaked personal information belonging to thousands of users of its online learning portal Agora.

The website offers free training courses to UNICEF staff and members of the public on issues such as child rights, humanitarian action, research, and data.


Security Awareness Tip

7 crucial components of Cyber Incident Recovery

Organizations of all sizes are consistently reporting increased numbers of cyber incidents, with data breaches and ransomware infections fast becoming a common occurrence. Below are 7 key aspects of planning for cyber incident recovery:

  1. Define specific recovery goals for your systems, processes, and business,
  2. Have a detailed inventory of all physical and digital assets relevant to recovery,
  3. Have a solid backup strategy is a vital aspect of recovery planning,
  4. Define and maintain a list of all personnel who might be involved in cyber incident recovery,
  5. Define connectivity requirements for key systems and communication channels for recovery personnel,
  6. Ensure that all your service level agreements (SLAs) with third parties anticipate outages and recovery situations, both for your own systems and those of the provider,
  7. Ensure that recovery planning is tied into all relevant change processes in the organization, from HR to software and hardware maintenance.


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.

Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed