Silensec Newsletter

Zero-day in popular jQuery plugin actively exploited for at least three years

Zero-day in popular jQuery plugin actively exploited for at least three years

For the past three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers.

A security researcher discovered the vulnerability in the plugin's source code that handles file uploads to PHP servers.

According to the researcher, attackers have abused this vulnerability to upload malicious files on servers, such as backdoors and web shells.

Read more...

Tracking Tick through recent campaigns targeting East Asia

Tracking Tick Through Recent Campaigns Targeting East Asia

Since 2016, an advanced threat group that Cisco Talos is tracking has carried out cyberattacks against South Korea and Japan. This group is known by several different names: Tick, Redbaldknight and Bronze Butler.

Although each campaign employed custom tools, reseachers observed recurring patterns in the actor's use of infrastructure, from overlaps in hijacked command and control (C2) domains to differing campaign C2s resolving to the same IP.

Read more...

Facebook removes 800 accounts and pages for political spam, disinformation

Facebook removes 800 accounts and pages for political spam, disinformation

Facebook recently removed 559 Pages and 251 accounts that engaged in political spam and disinformation - or "inauthentic activity," as the company refers to this behavior.

The social network said spam is a regular problem on its platform. Bad actors create multiple accounts to post, vote, and promote their own content, which is usually a link to a 3rd-party website.

Read more...

Just answering a video call could compromise your WhatsApp account

Just answering a video call could compromise your WhatsApp account

Google Project Zero security researcher found a critical vulnerability in WhatsApp messenger that could have allowed hackers to remotely take full control of your WhatsApp just by video calling you over the messaging app.

The vulnerability is a memory heap overflow issue which is triggered when a user receives a specially crafted malformed RTP packet via a video call request, which results in the corruption error and crashing the WhatsApp mobile app. The bug has since been fixed.

Read more...

Chinese spying chips found in servers used by US tech companies

Chinese Spying Chips Found Hidden On Servers Used By US Companies

A report revealed details of a significant supply chain attack which appears to be one of the largest corporate espionage and hardware hacking programs from a nation-state.

According to the report, a tiny surveillance chip has been found hidden in the servers used by nearly 30 American companies, including Apple & Amazon.

The malicious chips, which were not part of the original server motherboards designed by the U.S-based company Super Micro, had been inserted during the manufacturing process in China.

Read more...

New Yorkers sue Trump and FEMA to stop Presidential Alert

New Yorkers sue Trump and FEMA to stop Presidential Alert

Three New York residents last week filed a lawsuit in the Southern District Court of New York against President Donald Trump and William Long, administrator of the Federal Emergency Management Agency.

The residents want to halt FEMA's new Presidential Alert messaging system, which enables Trump to deploy alerts of national emergencies.

Presidential Alerts are similar to Amber or other emergency alerts on your phone - you hear a loud noise comes along with vibration.

Read more...