Silensec Newsletter

Category: News

Top News

Simjacker Exploits S@T Browser to Affect a Billion Users

Platform agnostic attack, Simjacker allows hackers to remotely exploit the victims' phone by sending a SMS which contains a malicious code; the code gives instructions to the universal integrated circuit card (UICC)/ SIM card placed inside the targeted device to retrieve and carry out sensitive commands.

The attack is set into motion as soon as the 'attack SMS' sent via another remote handset, is received by the targeted device. The process involves a series of SIM Toolkit (STK) directions particularly configured to be sent on to the SIM Card inside the victim's device.

Read more...

The Central Bank of Russia will fine banks for weak cyber defense

On September 12, 2019, it became known that the Central Bank has a new punishment for banks for poor cyber defense. The Central Bank launched a new feature for credit institutions, it will be the risk profile on the level of information security.

The risk profile will be formed on the basis of four characteristics, including the share of unauthorised card transactions and the bank's readiness to repel an attack.

Read more...

Major Hacks of the Week

Two years later, hackers are still breaching local government payment portals

Two years after hackers first started targeting local government payment portals, attacks are still going on, with eight cities having had their Click2Gov payment portals compromised in the last month alone, security researchers from Gemini Advisory have revealed.

Read more...

Magecart attackers target mobile users of hotel chain booking websites

Researchers discovered a series of incidents involving software credit card skimmer used by Magecart to hit the booking websites of hotel chains.

Experts noticed that the link would deliver a credit card skimmer script only when users visited the websites using mobile devices, suggesting that the attackers aimed at targeting only mobile users.

Read more...

Major Vulnerabilities Disclosed

SOHOpelessly Broken 2.0: 125 Vulnerabilities Found in Routers, NAS Devices

Researchers have discovered many vulnerabilities in over a dozen small office/home office (SOHO) routers and network-attached storage (NAS) devices as part of a project dubbed SOHOpelessly Broken 2.0.

ISE last year decided to conduct another similar assessment to see if and how much IoT security has evolved since then.

Read more...

A flaw in LastPass password manager leaks credentials from previous site

Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes login credentials entered on a site previously visited by a user.

LastPass has since released an update to address the vulnerability with the release of the version 4.33.0.

Read more...

Legal, Regulatory and Corporate
Security and Beyond

Thousands of Google Calendars Possibly Leaking Private Information Online

There are over 8000 publicly accessible Google Calendars, searchable using Google engine itself, that allow anyone to not only access sensitive details saved to them but also add new events with maliciously crafted information or links.

Read more...

Emotet is back after a summer break

Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world's most dangerous botnets and malware droppers-for-hire.

The malware payloads dropped by Emotet serve to more fully monetize their attacks, and often include additional banking trojans, information stealers, email harvesters, self-propagation mechanisms and even ransomware.

Read more...

Security Awareness Tip

I'M SOCIAL & SECURE

Social media platforms create an avenue for people to connect and share information with each other over the internet.

These include wikis, blogs, social networking sites such as Facebook, Twitter, LinkedIn, Google Plus, Instagram, Snapchat, Tumbler, WhatsApp etc.Â

These websites can however pose a threat to individuals, ranging from young kids, teenagers and even adults, all who have access to the social networking sites and hence are susceptible to a myriad of threat actors.

It is therefore important for society at large, beginning with the basic unit, the family, to implement sound security practices and create necessary security awareness for children so as to reduce the exposure & risk associated with social media platforms.

This guide covers what you need to know and issues to raise with kids about living their lives online.

Read more...

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelors of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.


Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and feed-image Feed .

For any questions please click on the following contact us link

Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed