Silensec Newsletter

Facebook Messenger bug revealed who you had conversations with

Facebook Messenger bug revealed who you had conversations with

Facebook is making a big shift to private messages, but it's not immune to security vulnerabilities. Imperva recently detailed a flaw with Facebook Messenger that allowed potential attackers to learn who you were talking with on the chatting service.

The security bug didn't show the content of the messages, but security researcher is warning users to ensure that they know who they are in touch, since they have the potential to harm your privacy.

Read more...

Huawei to sue US government to overturn its ban as unconstitutional

Huawei to sue US government to overturn its ban as unconstitutional

Huawei has filed a suit against the government of the US's as it seeks to overturn its ban through the National Defense Authorization Act (NDAA).

Filed in the US Federal Court, Huawei rotating chair Guo Ping said in Shenzhen on Thursday that the company is seeking a declaratory judgment that the NDAA restrictions were unconstitutional, as well as a permanent injunction against the restrictions.

Read more...

CoinHive Cryptocurrency mining service will shut down on March 8, 2019

CoinHive Cryptocurrency mining service will shut down on March 8, 2019

The popular in-browser cryptocurrency mining service Coinhive has announced that it will shut down on March 8, 2019.

This has made headlines across the years because it was used by crooks to abuse computational resources of the victims that were visiting compromised websites hosting the Coinhive script.

It was initially launched as a legitimate service for site administrators to generate revenue from the traffic visiting their websites, when unaware, users visit compromised websites, the script starts using their computers' processing power to mine cryptocurrency

Read more...

Facebook apps secretly sending sensitive data back to the mothership

Facebook apps secretly sending sensitive data back to the mothership

A trio of privacy earthquakes shook Facebooklandia on recently: 11 3rd-party apps seem to be sharing consumer sensitive data with Facebook, New York’s governor called on two state agencies to investigate this “secret” sharing of health and financial data.

60 pages of un-redacted legal documents from a lawsuit between Facebook and app developer Six4Three were anonymously posted on GitHub.

Read more...

Cisco addresses flaws in HyperFlex and Prime Infrastructure

Cisco addresses flaws in HyperFlex and Prime Infrastructure

Cisco released security patches that address more than a dozen issues in its products, including high severity vulnerabilities affecting HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Security updates fix two High risk security flaws in HyperFlex software.

The first one is a command injection vulnerability (CVE-2018-15380) in the cluster service manager of the application caused by insufficient input validation, it could be exploited by an attacker to run commands as the root user.

Read more...

Researcher earns $10,000 for another XSS flaw in Yahoo mail

Researcher earns $10,000 for another XSS flaw in Yahoo mail

A researcher says he has discovered yet another critical cross-site scripting XSS vulnerability in Yahoo Mail. The recently patched flaw could have been exploited to steal the targeted user’s emails and attach malicious code to their outgoing messages.

A malicious actor could have exploited the security hole to silently forward the victim’s emails to an external website, change the compromised Yahoo account’s settings, and create an email virus that would attach itself to the signature of all outgoing emails.

The bug existed due to failure to properly filter potentially malicious code in HTML emails.

Read more...