- Wednesday, 15 July 2015
- Hits: 964
Cybercriminals phish iCloud credentials from victims of iPhone, iPad theft
DRAM Rowhammer vulnerability Leads to Kernel Privilege Escalation
Security researchers have find out ways to hijack the Intel-compatible PCs running Linux by exploiting the physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips and gaining higher kernel privileges on the system. Read more...
|Major Hacks of the Week|
LinkedIn Hack Tool Exposes Users' Emails without Exploiting Any Vulnerability
A Free Chrome, Firefox and Safari web browser plugin floating around the web, called 'Sell Hack' allows users to view the hidden email address of any LinkedIn user, means anyone can grab email addresses that we use for professional purposes. When installed, the 'Sell Hack' plugin will pop up a 'Hack In' button on LinkedIn profiles and further automatically mines email addresses of LinkedIn user. Read more...
Minimal oversight of GCHQ hacking is 'a major scandal
Details of GCHQ's hacking operations and attempts to weaken encryption were revealed in a parliamentary committee report into the UK's surveillance capabilities. The Intelligence and Security Committee (ISC) review, published last week, revealed GCHQ makes the majority of decisions about hacking, and its operations to weaken encryption, internally and without telling ministers exactly what it is doing. Read more...
|Major Vulnerabilities Disclosed|
Adobe Flash Player Update Patches 11 Critical Vulnerabilities
Adobe has rolled-out an update for its popular Flash Player software that patches a set of 11 critical security vulnerabilities in its program, most of which potentially allow hackers to remotely execute arbitrary code on vulnerable systems. Read more...
|Legal, Regulatory and Corporate|
Facebook Login hijacking tool offered to black hat hackers
Yahoo unveils sneak peek at end-to-end email encryption plugin
Yahoo teamed up with Google to offer a browser-based encryption plugin after both companies were hit by allegations that the US government had intercepted their data by tapping into datacenter links.The plugin works by encrypting email messages on a person's computer before it travels across Yahoo's networks, foiling any now-public program that allowed messages to be intercepted.
The plugin is now available on code-sharing site Github, and is available for scrutiny by developers and security experts. Read more...
|Security and Beyond|
EquationDrug: Sophisticated, stealthy data theft for over a decade
|Security Awareness Tip|
How to stop DDoS attacks
A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services...
There's no way to completely protect your network from denial-of-service attacks, especially with the prevalence of distributed denial-of-service (DDoS) attacks on the Internet today. It's extremely difficult to differentiate an attack request from a legitimate request because they often use the same protocols/ports and may resemble each other in content.
However, there are some things you can do to reduce your risk:
- Purchase a lot of bandwidth. Is the easiest but also the most expensive solution. It makes perpetrating a DoS attack much more difficult because it's more bandwidth that an attacker has to clog.
- Use DoS attack detection technology. Intrusion prevention system and firewall manufacturers now offer DoS protection technologies that include signature detection and connection verification techniques to limit the success of DoS attacks.
- Prepare for DoS response. The use of throttling and rate-limiting technologies can reduce the effects of a DoS attack. One such response mode stops all new inbound connections in the event of a DoS attack, allowing established connections and new outbound connections to continue.
|Silensec Editorial Team|
Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor
Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.
Associate Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelors of Arts Degree from the University of Nairobi in Kenya. He publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.
For any questions please click on the following contact us link