Silensec Newsletter

Reddit discloses a data breach, a hacker accessed user data

Reddit discloses a data breach, a hacker accessed user data

Reddit is warning its users of a security breach, a hacker broke into the systems of the platform and accessed user data. The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform.

The databreach was discovered on June 19, 2018, according to Reddit, between June 14 and 18, 2018, the attacker compromised some of the employees' accounts with the company cloud and source code hosting providers.

Read more...

French to ban smartphones in schools

French to ban smartphones in schools

Lawmakers in France recently passed a law that prohibits students from using smartphones at school. Once the law goes into effect, students will have to either leave their phones at home or keep them switched off during school hours. The French hope to alleviate children's phone addiction and help them focus in class.

The ban will apply to students as old as 15, unless they use the phone for educational purposes or certain extracurricular activities, or unless they have a disability.

Read more...

Scammers pwn verified Fox Twitter account to scam cryptocurrency

Scammers pwn verified Fox Twitter account to scam cryptocurrency

Scammers have long been exploiting Twitter to steal digital currencies from naive users, but this month one attacker pulled off a rare coup by compromising a verified Twitter account.

Recently someone managed to gain access to a verified Twitter account for a now-defunct Fox show called Almost Human and use it to impersonate cryptocurrency entrepreneur Justin Sun, founder of the TRON decentralized blockchain application platform.

Read more...

Bluetooth bug could expose devices to snoopers

Bluetooth bug could expose devices to snoopers

Researchers have discovered a flaw in some Bluetooth implementations that could allow an attacker to intercept or tamper with data exchanged between two vulnerable devices. The cryptographic bug, tracked as CVE-2018-5383, has been identified by scientists at the Israel Institute of Technology.

It impacts two related Bluetooth features: Secure Simple Pairing and LE Secure Connections.

Read more...

Cisco fixes critical and high severity flaws in Policy Suite and SD-WAN products

Cisco fixes critical and high severity flaws in Policy Suite and SD-WAN products

Cisco reported four critical vulnerabilities affecting its Policy Suite. The flaws tracked as CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, and CVE-2018-0377 have been discovered during internal testing. Two of these flaws could be exploited by a remote unauthenticated attacker to access the Policy Builder interface and the Open Systems Gateway initiative (OSGi) interface.

The access to the Policy Builder interface could allow an attacker to change to existing repositories and create new ones, while the access to the OSGi interface could allow an attacher to access or change any file accessible by the OSGi process.

Read more...

Defeating the iPhone Restricted Mode

Defeating the iPhone Restricted Mode

Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift, which allow attackers to recover information from a phone without the password or fingerprint.

Elcomsoft recently announced that it can easily bypass it. This is the reason actual cryptographers and security engineers are very skeptical when a random company announces that their product is "secure."

Read more...