Silensec Newsletter

Backdoor code found in popular Bootstrap-Sass Ruby library

Backdoor code found in popular Bootstrap-Sass Ruby library

Backdoor code was found added in a popular Ruby library used for frontend user interfaces inside Ruby and Ruby on Rails applications. The malicious code was removed via a library update.

The library affected by this incident is Bootstrap-Sass, a Ruby package that provides developers with a Sass-version of Bootstrap, the most popular UI framework for developers today.

Read more...

540 million Facebook user records found on unprotected Amazon servers

540 million Facebook user records found on unprotected Amazon servers

Two companies exposed more than 540 million records containing information on Facebook users and their activities by leaving the data unprotected in Amazon Web Services (AWS) S3 buckets. Researchers identified an unprotected S3 bucket belonging to a Mexico-based digita media publisher named Cultura Colectiva, which publishes content for sharing on social media networks, has nearly 24 million followers on Facebook.

The second exposed AWS bucket was associated with a defunct application called “At the Pool.” This database also stored information on Facebook customers and their interests, but it also included names, email addresses and plaintext passwords for 22,000 users.

Read more...

3.1 million customer records possibly stolen in Toyota hack

3.1 million customer records possibly stolen in Toyota hack

Personal information of some 3.1 million Toyota customers may have been leaked outside the company, the Toyota Motor Corporation (TMC) announced on Friday.

The announcement comes a few weeks after Toyota Australia said they have been "the victim of an attempted cyber attack".

Read more...

Russia blocks encrypted mail service provider ProtonMail

Russia blocks encrypted mail service provider ProtonMail

Russian federal authorities have directed internet service providers across the country to block access to ProtonMail, an encrypted email service provider.

The block order came directly from the Russian Federal Security Service, formerly KGB, and was enforced following accusations that ProtonMail, and a group of other email service providers, facilitated the sending of bomb threats.

Read more...

Hacker puts 26 million new accounts up for sale on dark web

Hacker puts 26 million new accounts up for sale on dark web

A hacker who was selling details of nearly 890m online accounts stolen from 32 popular websites in 3 separate rounds has now put up a fourth batch of millions of records originating from 6 other sites for sale on the darkweb.

Security researcher received a new email from the Pakistani hacker (online alias Gnosticplayers) who previously claimed to have hacked dozens of popular websites from companies which, according to him, probably had no idea that they were compromised.

Read more...

Microsoft tech support scammer pleads guilty to defrauding victims of $3 million

Microsoft tech support scammer pleads guilty to defrauding victims of $3 million

Man pleads guilty to a "tech support scam" that defrauded US citizens of more than $3 million over the course of four years. According to court documents, Bishap Mittal, a 24 yr old, had set up a company named Capstone Technologies LLC, together with an unnamed co-conspirator, through which the two managed multiple websites and operations.

Read more...