- Tuesday, 07 July 2015
Hackers Hit the IRS and Make Off With 100K Taxpayers’ Files
Study: Average cost of data breach is $6.5M !!!
|Major Hacks of the Week|
The website of popular British chef Jamie Oliver is still having issues and potentially infecting visitors looking for a recipe or other material on JamieOliver.com. Browsing any page will trigger a malicious redirection chain leading to the Fiesta exploit kit and a password stealer. Read more...
The Naikon hacker group is exploiting government, civil and military organizations in the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Thailand, Laos, China and Nepal, according to a new report from security firm Kaspersky Lab. The Naikon hackers, active for the last five years, have a repertoire of 48 backdoor commands in their toolset to exploit victims. The name Naikon is a reference to a name that is found in the code the hacker group uses. Read more...
|Major Vulnerabilities Disclosed|
Millions of smart meters, thermostats, and other internet-connected devices are at risk of cyberattacks because they come with easily crackable encryption, a study has warned. Researchers Philipp Jovanovic and Samuel Neves found that the "weak cryptography" used in the Open Smart Grid Protocol (OSGP) can easily be cracked through a series of relatively simple attacks. In one case, the researchers said they could "completely" defeat a device's cryptography. Read more...
A California hacker who has become an expert in cracking locks has invented a 3D-printed machine that can crack a rotary combination lock in around 30 seconds – and he's released the plans, 3D models, and code as open source. Read more...
|Legal, Regulatory and Corporate|
Civil libertarians and privacy advocates were applauding yesterday after the House of Representatives overwhelmingly passed legislation to stop the National Security Agency from collecting Americans’ phone records. But they’d best not break out the bubbly. The really big winner here is the NSA. Over at its headquarters in Ft. Meade, Md., intelligence officials are high-fiving, because they know things could have turned out much worse. Read more...
At a data-privacy conference in Berlin, Google’s global privacy counsel Peter Fleischer explained how the decision-making process over right-to-be-forgotten requests plays out at Google, reports the Wall Street Journal. As you might expect, it’s often a multi-stage process. Requests are submitted online via a web form and sent directly to “a large team of lawyers, paralegals and engineers” in Google’s Dublin offices who “decide the easy cases.” Most of these simple ones, “the little shoplifting thing, the little this or that,” as Fleischer puts it, are just taken straight down. Read more...
|Security and Beyond|
More than 64 percent of respondents to a SANS survey said a majority of their mobile workforce can access their organizations’ secure data remotely, yet less than 25 percent said sufficient policies/controls are in place for mobile media. An additional 25 percent admitted to having no controls (no policy or technical controls enforced by centralized management) in place. The unmanaged personal computers, laptops, smartphones and tablets that make up almost one-third of the mobile BYOD used to access corporate data, combined with lack of controls, leave organizations vulnerable to data exposure. Read more...
The recent example of a software vendor leveraging laws like the Digital Millennium Copyright Act (DMCA) to intimidate a security researcher is counterproductive. The researcher and team at the security consulting firm IOActive took a risk by attempting to report security flaws in a digital lock, and the company that makes the lock didn't exactly welcome the news. Read more...
|Security Awareness Tip|
While most people may know not to open email attachments, many don't realize that dangers can lie in the body of an email too. HTML emails and emails that contain embedded photos are just as dangerous. Embedded images and PDFs can contain malicious code. So be sure not to open any unsolicited or suspicious email.
|Silensec Editorial Team|
Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and the Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor.
Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in the UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of the Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.
Associate Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelor of Arts degree from the University of Nairobi in Kenya. He publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.