Silensec Newsletter

Air Canada data breach - 20,000 users of its mobile app affected

Air Canada data breach - 20,000 users of its mobile app affected

Air Canada data breach - The incident was confirmed by the company and may have affected 20,000 customers of its 1.7M mobile app users.

The news was confirmed by Air Canada that revealed to have detected unusual login behaviour with Air Canada’s mobile App between Aug. 22-24, 2018, it added that financial data was protected but invited to remain vigilant for fraudulent credit card transactions.

The company has asked Mobile+ app users to reset their accounts as a security precaution. Air Canada contacted potentially affected customers by email to notify the data breach.

Read more...

Instagram's new security tools are a welcome step, but not enough

Instagram's new security tools are a welcome step, but not enough

Instagram users should soon have more secure options for protecting their accounts against Internet bad guys. Recently, the Facebook-owned social network said it is in the process of rolling out support for 3rd-party authentication apps.

Unfortunately, this welcome new security offering does nothing to block Instagram account takeovers when thieves manage to hijack a target’s mobile phone number - an increasingly common crime.

Read more...

Hacky hack hack': Teen arrested for breaking into Apple's network

Hacky hack hack': Teen arrested for breaking into Apple's network

An overzealous Apple fanboy from Australia plead guilty to criminal charges after he allegedly cracked the Cupertino giant's systems in hopes of landing a job. The 16 year-old hackeroo is said to have broken into the tax racket's servers on more than one occasion, downloading around 90GB worth of iStuffs and saving it into a folder labeled "hacky hack hack."

According local reports, the young man's defense attorneys claim that the hacking was done out of admiration. The junior Apple fan was only trying to get Apple's attention. Now, instead of a job, he faces a criminal conviction.

Read more...

Microsoft patches zero-day flaws in Windows, Internet Explorer

Microsoft patches zero-day flaws in Windows, Internet Explorer

Microsoft’s Patch Tuesday updates for August 2018 address 60 vulnerabilities, including 2 zero-day flaws affecting Windows and Internet Explorer. One of the actively exploited vulnerabilities is CVE-2018-8414, which Microsoft learned of in June.

20 vulnerabilities patched this month have been rated “critical” and, unsurprisingly, many of them impact Edge and Internet Explorer. RCE flaws discovered in SQL Server, Exchange, and Windows have also been assigned a “critical” severity rating.

Read more...

Snapchat source code leaked after an iOS update exposed it

Snapchat source code leaked after an iOS update exposed it

Hackers gained access to the source code of the front-end of SnapChat instant messaging app for iOS and leaked it on GitHub. A GitHub account associated with a person with the name Khaled Alshehri who goes online with the handle i5xx created the GitHub repository titled Source-Snapchat.

After being notified, Snap Inc., has confirmed the authenticity of the source code and asked GitHub to remove it by filing a Digital Millennium Copyright Act request.

Read more...

New Method Discovered for Cracking WPA2 Wi-Fi Passwords

New Method Discovered for Cracking WPA2 Wi-Fi Passwords

A security researcher has revealed a new Wi-Fi hacking technique that makes it easier for hackers to crack WiFi passwords of most modern routers.

The new WiFi hack works explicitly against WPA/WPA2 wireless network protocols with Pairwise Master Key Identifier (PMKID)-based roaming features enabled.

The attack to compromise the WPA/WPA2 enabled WiFi networks was accidentally discovered while the researcher was analyzing the newly-launched WPA3 security standard.

Read more...