Silensec Newsletter

Top News

Hackers Hit the IRS and Make Off With 100K Taxpayers’ Files

On Tuesday the IRS admitted that it had been the target of a breach that compromised 100,000 taxpayers’ files between February and the middle of this month. And though that may seem like a relatively small set of victims compared with recent breaches like the one affecting Target or the health insurer Anthem, the IRS says the attackers gained the full tax return transcript of the affected taxpayers, which could include a detailed dossier of their personal information, including income and social security numbers. Read more...

 

 

Study: Average cost of data breach is $6.5M !!!

An annual study from the Ponemon Institute and IBM released on Wednesday found that the average per capita cost of a data breach increased to $217 in 2015 from $201 in 2014. Plus, the average total cost of a data breach increased to $6.5 million from $5.8 million the prior year. Read more...

Hacker uses Starbucks INFINITE MONEY for free CHICKEN SANDWICH

Sakurity hacker Egor Homakov has found a way to dupe Starbucks into loading free cash onto the "coffee" chain's payment cards. Homakov says a race condition within Starbucks' card purchase system means money can be transferred between cards without it being deducted. The bug hunter exploited the bug and tested it by purchasing food and drink at Starbucks. He says he pulled off the hack, which he first quietly reported to the coffee house, by opening two browser windows and simultaneously moving US$5 from one account to another in both sessions. Read more...

 

 

'Phantom Menace' Hack Strikes Oil Industry Computers!

What looked to be an ordinary malware attack on a computer at an oil-trading firm turns out to have been part of a targeted attack on the industry at large, according to a report from Panda Security. It began, as it so often does, with someone on their work computer opening an email attachment they shouldn't have. This attachment, instead of producing one of the many trojans, worms or viruses already watched for by antivirus programs, merely unpacked a few common scripts and tools often used by Windows programs — thus avoiding detection. Read more...


There will not be a Windows 11

It sounds like Windows 10 will be Microsoft’s last complete release, with the company instead opting for updates to fix/add/test new features. Read more...

Women In Security Speak Out On Why There Are Still So Few Of Them

They are now CISOs, security officials in DHS and the NSA, researchers, and key players in security -- but women remain a mere 10% of the industry population. Read more...

Major Hacks of the Week

Jamie Oliver’s website hacked again, drops password stealer

The website of popular British chef Jamie Oliver is still having issues and potentially infecting visitors looking for a recipe or other material on JamieOliver.com. Browsing any page will trigger a malicious redirection chain to a password stealer, delivered by the Fiesta exploit kit. Read more...

Kaspersky Uncovers Naikon Hackers Targeting Asia-Pacific Nations

The Naikon hacker group is exploiting government, civil and military organizations in the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Thailand, Laos, China and Nepal, according to a new report from security firm Kaspersky Lab. The Naikon hackers, active for the last five years, have a repertoire of 48 backdoor commands in their toolset to exploit victims. The name Naikon is a reference to a name that is found in the code the hacker group uses. Read more...

Major Vulnerabilities Disclosed

Flawed encryption leaves millions of smart grid devices at risk of cyberattacks

Millions of smart meters, thermostats, and other internet-connected devices are at risk of cyberattacks because they come with easily crackable encryption, a study has warned. Researchers Philipp Jovanovic and Samuel Neves found that the "weak cryptography" used in the Open Smart Grid Protocol (OSGP) can easily be cracked through a series of relatively simple attacks. In one case, the researchers said they could "completely" defeat a device's cryptography. Read more...

Hacker 3D prints device that can crack a combo lock in 30 seconds

A California hacker who has become an expert in cracking locks has invented a 3D-printed machine that can crack a rotary combination lock in around 30 seconds – and he's released the plans, 3D models, and code as open source. Read more...

Legal, Regulatory and Corporate

‘Big Win’ for Big Brother: NSA Celebrates the Bill That’s Designed to Cuff Them

Civil libertarians and privacy advocates were applauding yesterday after the House of Representatives overwhelmingly passed legislation to stop the National Security Agency from collecting Americans’ phone records. But they’d best not break out the bubbly. The really big winner here is the NSA. Over at its headquarters in Ft. Meade, Md., intelligence officials are high-fiving, because they know things could have turned out much worse. Read more...

How Google Decides If You Have the "Right To Be Forgotten"

At a data-privacy conference in Berlin, Google’s global privacy counsel Peter Fleischer explained how the decision-making process over right to be forgotten requests plays out at Google, reports the Wall Street Journal. As you might expect, it’s often a multi-stage process. Requests are submitted online via a web form and sent directly to “a large team of lawyers, paralegals and engineers” in Google’s Dublin offices who “decide the easy cases.” Most of these simple ones — “the little shoplifting thing, the little this or that,” as Fleischer puts it — are just taken straight down. Read more...

Security and Beyond

Organizations lack control over mobile workspaces

More than 64 percent of respondents to a SANS survey said a majority of their mobile workforce can access their organizations’ secure data remotely, yet less than 25 percent said sufficient policies/controls are in place for mobile media. An additional 25 percent admitted to having no controls (no policy or technical controls enforced by centralized management) in place. The unmanaged personal computers, laptops, smartphones and tablets that make up almost one-third of the mobile BYOD used to access corporate data, combined with lack of controls, leave organizations vulnerable to data exposure. Read more...

Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research

The recent example of a software vendor leveraging laws like the Digital Millennium Copyright Act (DMCA) to intimidate a security researcher is counterproductive. The researcher and team at the security consulting firm IOActive took a risk by attempting to report security flaws in a digital lock, and the company that makes the lock didn't exactly welcome the news. Read more...

Security Awareness Tip

How safe is that email?

While most people may know not to open email attachments, many don't realize that dangers can lie in the body of an email too. HTML mail and mail that contains embedded photos are just as dangerous. Embedded images and PDFs can contain malicious code. So be sure not to open any unsolicited/suspicious mail.

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and the Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor.

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in the UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of the Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Associate Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelor of Arts degree from the University of Nairobi in Kenya. He publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.


Please feel free to share this with interested parties via email and social media. For a free subscription, please subscribe to our Mailing list and Feed.

For any questions please click on the following contact us link
