Silensec Newsletter

Top News

The London Railway System Passwords Exposed During TV Documentary

The Weakest Link In the Information Security Chain is still – Humans. And this news has ability to prove this fact Right as one of London's busiest railway stations has unwittingly exposed their system credentials during a BBC documentary. The sensitive credentials printed and attached to the top of a station controller's monitor were aired. Read more...

72% of companies are not prepared for a data breach!

EiQ Networks conducted a survey on information security priorities and challenges. Based on responses from 168 IT decision makers across industries, results point to lack of confidence in their security technologies and lack of the people, processes to implement it. 72% of respondents stated that their IT infrastructure is "not well protected" and is vulnerable to APTs. Read more... 



Top News

The Great Cannon is China's powerful new hacking weapon 

The relentless days-long cyberattack on GitHub showed that someone was willing to use hundreds of thousands of innocent internet users to try to take down two single pages set up by an organization fighting Chinese censorship.A group of cybersleuths has discovered that someone is indeed China, as everyone suspected. More importantly, they’ve also learned that the attack was carried out with a powerful new cyberweapon, whose existence was previously unknown. Researchers at the ​Citizen Lab—a digital watchdog at the University of Toronto's Munk School of Global Affairs—are calling it the “Great Cannon.” It’s a tool essentially capable of monitoring internet traffic and targeting anyone its operators decide to hit, sending back malware or spyware, or using the target to flood another site with traffic. Read more...




Chinees mobile app used for hiring thugs to beat up people!

A satirical Chinese video about a mobile app that lets you hire thugs to beat up bullies has been turned into reality. According to Want China Times, the app has recently been removed from Chinese app stores because people were using it to arrange real-life beatings by real-life hitmen for hire. Read more...



Major Hacks of the Week

Magento Flaw Exploited in the Wild a few hours after disclosure

According to the security experts at Sucuri firm, within 24 hours after the disclosure of the vulnerability in Magento platform, bad actors are already attempting to hack e-commerce websites using it. The experts traced back the attacks to a couple of Russian IP addresses ( and Read more... 

How attackers exploit end-users' psychology

At RSA Conference 2015, Proofpoint released the results of its annual study that details the ways attackers exploit end-users' psychology to circumvent IT security. Read more...

Major Vulnerabilities Disclosed

Patching Windows HTTP vulnerability should be prioritized

A newly patched vulnerability in Windows has set alarm bells ringing because it can be used to remotely execute code on unpatched computers. Unsuccessful attempts may result in a blue screen of death (BSoD) condition, which could be used as a means to perform denial-of-service (DoS) attacks against computers running Microsoft Internet Information Services (IIS) servers. This vulnerability affects Windows 8.1, Windows 8, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, and Windows 7. If left unpatched, the vulnerability could enable remote code execution if an attacker sends a specially crafted HTTP request to a Windows computer. Read more...

Ransomware: Return of the mac(ro)

Ransomware attackers have resorted to reviving a very old attack vector, the malicious Word macro. Although they enjoyed their heyday more than a decade ago, Word macro attacks picked up in recent months before a major surge last week. One such ransomware campaign was discovered last week and targeted victims in France with emails that purport to come from the French Ministry for Justice. The emails informed the victim that a court judgment had been made against them, authorizing the seizure of property in lieu of money they owed. The fake judgment comes in an attached Microsoft Word document. The document contains a macro which, if allowed to run, will install several pieces of malware on the victim’s computer, including the Cryptodefense variant of ransomware (Trojan.Cryptodefense). Read more...

Legal, Regulatory and Corporate

Huawei CEO says Chinese cybersecurity rules could backfire

China can only ensure its information security in the long run if it keeps its market open to the best technology products, be they foreign or domestic, Huawei's rotating chief executive Eric Xu told Reuters on Tuesday.Xu's remarks are a rare example of a top Chinese CEO openly questioning the direction of Beijing's information security policy, already a source of concern for countries who fear it will limit opportunities for their technology firms. Read more...

Blackberry wants to lock down security for the Internet of Things

The Canadian company has plans to make that work in its favor with an encryption certificate based on subsidiary Certicom's elliptic-curved cryptography, this could secure numerous devices ranging from connected car systems to smart meters -- ease of security and authentication are the name of the game here. Read more... 

Security and Beyond

Export Google Search History

"You can download all of your saved search history to see a list of the terms you've searched for. This gives you access to your data when and where you want," informs Google. "When you download your past searches, a copy of your history will be saved securely to the Takeout folder in Google Drive. You can download the files to your computer if you want a copy on your computer." Google will send you an email when your archive is ready to download. Read more...

The Delicate Art of Remote Checks – A Glance Into MS15-034

By definition a remote check is a piece of code that allows the user to discern a vulnerability by actually exercising the code in a patch.  These types of checks became popular during the era of worms, as a way to reliably determine exploitability in circumstances where a server’s banner was not enough information to discern a patched status.  The exact process is somewhat difficult to capture as years of patch analysis at eEye (acquired by BeyondTrust in 2012) provides some measure of intuition. Read more...

Security Awareness Tip

2 step verification

You should to take advantage of 2 step authentication on google and facebook where a one time key is sent as an SMS everytime one wants to login.

Silensec Editorial Team

Editor: Dr. Almerindo Graziano
Dr. Graziano is the Silensec CEO. He holds an MSc in Electronic Engineering and a PhD in Mobile Computer Security, both from the University of Naples, Italy. Dr. Graziano has consulted in information security for private and government organisations across Europe, Africa and Middle East over the last 15 years. He is also a BSI-certified ISO27001 Lead Auditor trainer and auditor

Vice Editor: George Nicolaou (BSc, MSc)
George Nicolaou (BSc, MSc) leads the Silensec Malware Analysis Lab (MAL). He received his BSc in Computer Science and MSc in Advanced Computing Security from the University of Bath in UK, where he pursued research in malware and vulnerability analysis. For many years George has also been the Head of Research and Development department of the Astalavista Security Community. George is also a frequent speaker at security conferences around the world on advanced malware analysis, reverse engineering and exploit development techniques.

Associate Editor: Joseph Alulu (B.A)
Joseph Alulu leads the Silensec Marketing Department. He holds a Bachelors of Arts Degree from the University of Nairobi in Kenya. He publishes the weekly Silensec Newsletter, keeping you up to date on the latest information security news as well as creating information security awareness.

Please feel free to share this with interested parties via email, and social media. For a free subscription, please subscribe to our Mailing list and  feed-image Feed.

For any questions please click on the following contact us link

Top News

Russian Hackers Breached White House Via US State Department

Attackers who recently breached the US State Department compromised an unclassified White House system by sending spearphishing messages from a hijacked State Department email account, officials say. Attackers compromised an unclassified White House system in October by sending spearphishing messages from a hijacked US State Department email account, US officials say. Though unclassified, the system did include some sensitive communications in the executive office, including President Obama's schedule. Read more...

Man creates fake email address to initiate jail release

Fraudster Neil Moore decided that he’d put his fraud skills into practice by creating a fake website and email account using an illicit mobile phone to get himself released from prison. Described as “Extraordinary inventiveness” by prosecutor Ian Paton, Moore registered a website domain with a similar name to that of the court service’s official address. He then used this domain to send an email to the prison containing instructions for his release. Read more... 



Silensec Cyprus HQ

Silensec Africa

Feel free to contact us if you have any problems.

Silensec UK

Feel free to contact us if you have any problems.

News Feed