Silensec Newsletter

Category: News

Top News

DoorDash announces data breach affecting 4.9 million people

DoorDash announced in a blog post that an "unauthorized third party" had accessed user data of approximately 4.9 million "consumers, Dashers, and merchants."

DoorDash said names, email addresses, delivery addresses, order histories, phone numbers, and hashed, salted passwords all “could” have been accessed.

However, it’s not clear what, if anything, might have been done with the data by the third party.

Read more...

Massive wave of account hijacks hits YouTube creators

A massive wave of account hijacks has hit YouTube users, and especially creators in the auto-tuning and car review community.

Several high-profile accounts from the YouTube creators car community have fallen victim to these attacks already.

The list includes channels such as Built, among others.

Read more...

Major Hacks of the Week

Vodafone customer account details ‘briefly exposed’ after software update

Vodafone says customers were able to access other people’s account information through its MyVodafone app on Wednesday morning.

Spokeswoman Meera Kaushik said the privacy breach followed a planned upgrade to the app at 7am, which resulted in an “unexpected caching issue”.

Read more...

Magecart attackers target mobile users of hotel chain booking websites

Researchers discovered a series of incidents involving a software credit card skimmer used by Magecart to hit the booking websites of hotel chains.

In early September, the researchers discovered JavaScript code on two hotel websites belonging to different hotel chains. The JavaScript code had been used to load a remote script on their payment pages since August 9.

Read more...

Major Vulnerabilities Disclosed

Vulnerability in the WIB SIM-browser allows attackers to take control of millions of mobile phones around the world

Researchers at Ginno Security Lab claim that they have found vulnerabilities in both the WIB and S@T SIM card browsers. By sending a malicious SMS message to the victim's phone number, an attacker can exploit vulnerabilities in the WIB SIM card browser to remotely gain control of the victim's mobile phone and perform malicious actions.

The impact of the vulnerability in WIB is spreading around the world and putting hundreds of millions of telecommunication subscribers worldwide at risk. The vulnerability resides in the SIM card and does not depend on the mobile phone or its operating system, so every mobile phone is affected.

Read more...

Critical flaws affect Jira Service Desk and Jira Service Desk Data Center

Atlassian released security updates to address critical vulnerabilities in Jira Service Desk and Jira Service Desk Data Center.

One of the flaws can lead to information disclosure, while another critical vulnerability addressed by Atlassian could allow server-side template injection leading to remote code execution.

Jira Service Desk is a help desk request tracker from Atlassian that allows companies to easily receive, track, manage, and resolve requests from their customers.

Read more...

Legal, Regulatory and Corporate
Security and Beyond

Vimeo sued for storing faceprints of people without their say-so.

The complaint was filed on 20 September on behalf of potentially thousands of plaintiffs under the Illinois Biometric Information Privacy Act (BIPA).

Read more...

Microsoft released emergency patches for IE 0-Day and Windows Defender flaw

Security researchers from Palo Alto Networks managed to track a campaign targeting transportation and shipping organizations based in Kuwait.

As part of the attacks, the threat actor used backdoors referred to as Sakabota, Hisoka, Netero and Killua, which use HTTP for their command and control (C&C) channels, with some variants employing DNS tunneling or emails for communication purposes.

Read more...

Security Awareness Tip

Is Your Organization Suffering from Security Tool Sprawl?

The advent of the cloud and software-as-a-service (SaaS) applications has given the IT industry many advantages, including increased agility and availability.

Unfortunately, the trend has also significantly contributed to the growing issue of tool sprawl - the use of too many one-off specialized solutions - for both virtualized and point solutions.

Be On Guard

Here are several key best practices that every organization can use to avoid security tool sprawl:

  1. Clearly identify the scope and entities of coverage required before deploying a new security tool.
  2. Take a platform-based approach to security, leveraging connectors and integrations.
  3. Segment your infrastructure based on intent.
  4. Take a unified approach to security monitoring.
  5. Implement strong, comprehensive access controls.

Read more...

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and the Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor.

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in the UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of the Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com)
Salome Omondi leads the Silensec Marketing Department. She holds a Bachelor of Commerce and Management from Strathmore University. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.

