Silensec Newsletter

Category: News

Top News

Cloud based python RAT targeting Middle Eastern countries

Cisco Talos unveiled the details of a new RAT dubbed "JhoneRAT", which is dropped on victims via malicious Microsoft Office documents.

The dropper, along with the Python RAT, attempts to gather information on the victim's machine and then uses multiple cloud services: Google Drive, Twitter, ImgBB and Google Forms.

The RAT attempts to download additional payloads and upload the information gathered during the reconnaissance phase.


Russia Hacked Ukrainian Gas Firm in Trump Impeachment: US Cyber Firm

Russia's GRU spy agency launched a "phishing" attack in November to access the email of Burisma Holdings employees, California cyber firm Area 1 Security said in a report.

According to the report, the timing of the GRU's campaign in relation to the 2020 US elections raised the specter that this was an early warning of what has been anticipated since the successful cyberattacks undertaken during the 2016 US elections.


Major Hacks of the Week

Foreign country hacks New Mexico Public Regulation Commission system

The New Mexico Public Regulation Commission is investigating after a foreign country hacked its internet and intranet network system, according to officials.

Its system has been down since Thursday when the hack was first detected.

According to Tome, a firewall with the New Mexico Department of Information Technology was breached and hackers were able to access the PRC's system.


“Real People,” real data leak: Production company leak exposed personal data of Dove ‘real people’ ad participants

A data breach at UK-based Fresh Film Productions, which makes adverts for high-profile companies including Unilever, has exposed sensitive personal data of participants in antiperspirant brand Dove’s ‘real people’ campaign.

The company inadvertently exposed the data, which included bank details and passport scans, by leaving it on a company server hosted online in an unsecured Amazon Web Services S3 bucket.


Major Vulnerabilities Disclosed

Microsoft spots malicious npm package stealing data from UNIX systems

The security team at npm (Node Package Manager), the de facto package manager for the JavaScript ecosystem, today took down a malicious package that was caught stealing sensitive information from UNIX systems.

The malicious package is named 1337qq-js and was uploaded to the npm repository on December 30, 2019.


PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability

It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers.

Multiple groups publicly released weaponised proof-of-concept exploit code for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC and Gateway products that could allow anyone to leverage them to take full control over potential enterprise targets.


Legal, Regulatory and Corporate

Security and Beyond

SIM Swap Attacks are making SMS Two-Factor Authentication Obsolete

Twitter CEO Jack Dorsey became the most notable victim of one of the fastest-growing cyber threats: SIM swapping. SIM swap attacks are increasing because they only require social engineering and access to a SIM card, which makes them another form of phishing.

Up until recently, few statistics on successful 2FA attacks have been available as they are rare. However, phishers today are changing that, and by using a combination of old-school techniques and social engineering, they can now convince mobile carriers that they are you, and successfully gain unlimited access to your sensitive information.


Maze Ransomware operators leak 14GB of files stolen from Southwire

The victims of the Maze ransomware are facing another risk: after having their data encrypted, crooks are now threatening to publish it online.

The Maze ransomware also implements data harvesting capabilities, and its operators are threatening to release the data of all victims who refuse to pay the ransom.

The operators behind the Maze ransomware have set up a website where they have published the names of eight companies that allegedly refused to pay the ransom.


Security Awareness Tip

Safe Internet Habits | 2020

Almost every worker, especially in infosec, has access to the Internet. For this reason, the secure usage of the Internet is of paramount importance for organizations.

Security training programs should incorporate safe Internet habits that prevent attackers from penetrating your corporate network. Employees can practice the following safe Internet habits to stay secure while online:

  1. Employees must be aware of phishing attacks and learn not to open malicious attachments or click on suspicious links.
  2. This can be achieved by a deeper understanding of the warning signs of a phishing attack.
  3. It’s better to disable pop-up windows, as they invite risks.
  4. Users should avoid installing software programs from unknown sources, especially links infected with malware. Nowadays, an overwhelming number of websites offer free Internet security programs that infect your system rather than protecting it.


Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and the Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor.

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in the UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of the Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Digital Editor: Salome Omondi (B.Com, MBA)
Salome Omondi leads the Silensec Marketing Department. She received her Bachelor of Commerce and Management degree from Strathmore University and a Master of Business Administration from the United States International University-Africa. Miss Omondi publishes the weekly Silensec Newsletter, keeping you up to date with the latest infosec news as well as improving information security awareness.


Please feel free to share this with interested parties via email and social media. For a free subscription, please subscribe to our mailing list and feed.

For any questions, please click on the following contact us link.
