Silensec Newsletter
-
Monday, 23 September 2019
-
Hits: 594
|
|
|
Platform agnostic attack, Simjacker allows hackers to remotely exploit the victims' phone by sending a SMS which contains a malicious code; the code gives instructions to the universal integrated circuit card (UICC)/ SIM card placed inside the targeted device to retrieve and carry out sensitive commands.
The attack is set into motion as soon as the 'attack SMS' sent via another remote handset, is received by the targeted device. The process involves a series of SIM Toolkit (STK) directions particularly configured to be sent on to the SIM Card inside the victim's device.
Read more...
|
|
|
|
On September 12, 2019, it became known that the Central Bank has a new punishment for banks for poor cyber defense. The Central Bank launched a new feature for credit institutions, it will be the risk profile on the level of information security.
The risk profile will be formed on the basis of four characteristics, including the share of unauthorised card transactions and the bank's readiness to repel an attack.
Read more...
|
|
|
|
|
Two years after hackers first started targeting local government payment portals, attacks are still going on, with eight cities having had their Click2Gov payment portals compromised in the last month alone, security researchers from Gemini Advisory have revealed.
Read more...
|
|
|
|
Researchers discovered a series of incidents involving software credit card skimmer used by Magecart to hit the booking websites of hotel chains.
Experts noticed that the link would deliver a credit card skimmer script only when users visited the websites using mobile devices, suggesting that the attackers aimed at targeting only mobile users.
Read more...
|
|
| Major Vulnerabilities Disclosed |
|
|
|
Researchers have discovered many vulnerabilities in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices as part of a project dubbed SOHOpelessly Broken 2.0.
ISE last year decided to conduct another similar assessment to see if and how much IoT security has evolved since then.
Read more...
|
|
|
|
Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes login credentials entered on a site previously visited by a user.
LastPass has since released an update to address the vulnerability with the release of the version 4.33.0.
Read more...
|
|
| Legal, Regulatory and Corporate |
|
|
|
Ecuador is seeking to pass a data protection bill in the wake of a massive data breach that resulted in the personal data of up to 20 million people being made available online.
According to reports, the bill draws on the EU General Data Protection Regulation (“GDPR”) in certain ways - for example, as relates to international data transfers - but diverges in other respects.
The data protection bill headed to Ecuador’s national assembly today.
Read more...
|
|
|
|
Drone-enabled attacks against two major Saudi Arabia oil producers over the weekend have cut the country's production in half.Â
As reported by the Financial Times, Houthi rebels in Yemen claimed responsibility for the attacks, in which a coordinated set of drone strikes, made possible through ten unmanned aerial vehicles (UAVs), set fire to a major facility and nearby oilfield on Saturday morning.
Read more...
|
|
|
|
|
There are over 8000 publicly accessible Google Calendars, searchable using Google engine itself, that allow anyone to not only access sensitive details saved to them but also add new events with maliciously crafted information or links.
Read more...
|
|
|
|
Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets and malware droppers-for-hire.
The malware payloads dropped by Emotet serve to more fully monetize their attacks, and often include additional banking trojans, information stealers, email harvesters, self-propagation mechanisms and even ransomware.
Read more...
|
|
|
|
|
Social media platforms create an avenue for people to connect and share information with each other over the internet.
These include wikis, blogs, social networking sites such as Facebook, Twitter, LinkedIn, Google Plus, Instagram, Snapchat, Tumbler, WhatsApp etc.Â
These websites can however pose a threat to individuals, ranging from young kids, teenagers and even adults, all who have access to the social networking sites and hence are susceptible to a myriad of threat actors.
It is therefore important for society at large, beginning with the basic unit, the family, to implement sound security practices and create necessary security awareness for children so as to reduce the exposure & risk associated with social media platforms.
This guide covers what you need to know and issues to raise with kids about living their lives online.
Read more...
|
|
Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor
Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.
Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.
Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and 
Feed .
For any questions please click on the following contact us link
