Silensec Newsletter

Capital One gets capital done: Hacker swipes personal info on 106 million US, Canadian credit card applicants

Capital One gets capital done: Hacker swipes personal info on 106 million US, Canadian credit card applicants

Capital One has disclosed that it has suffered a data breach impacting 100 million people in the United States, and 6 million in Canada.

The company said in a statement that data between 2005 and 2019 was accessed and related to information on consumers at the time when they applied for a credit card.

Read more...

Honda Motor Company leaks database with 134M rows of employee computer data

Honda Motor Company leaks database with 134M rows of employee computer data

Honda Motor Company, one of the largest automobile manufacturers in the world, misconfigured an ElasticSearch database containing approximately 134 million documents, and amounted to roughly 40GB of internal data.

The information available in the database appeared to be something like a inventory of all Honda internal machines.

Read more...

Yet Another Ransomware Attack: Louisiana governor declares state emergency after local ransomware outbreak

Louisiana governor declares state emergency after local ransomware outbreak

Louisiana governor has activated a state-wide state of emergency in response to a wave of ransomware infections that have hit multple school districts.

The ransomware infections took place this week and have impacted the school districts of three North Louisiana parishes - Sabine, Morehouse, and Ouachita.

IT networks are down at all three school districts, and files have been encrypted and are inaccessible, local media outlets are reporting.

Read more...

Imperva blocked the largest Layer 7 DDoS attack it has ever seen

Imperva blocked the largest Layer 7 DDoS attack it has ever seen

An undisclosed streaming service was hit by a 13-day DDoS massive attack powered by a Mirai botnet composed of 402,000 IoT devices.

Imperva confirmed that its systems were able to repel the attack and the service remained up and running during the DDoS attack. According to Imperva, it was the largest Layer 7 DDoS attack it has ever seen.

Read more...

Instagram bug could have allowed anyone to take over your account

Instagram bug could have allowed anyone to take over your account

A security researcher from India has won $30,000 in a bug bounty program after he found a flaw in Facebook-owned photo-sharing app Instagram.

Laxman Muthiyah discovered a vulnerability that allowed him to hack any Instagram account without consent permission.

He took over someone's Instagram account by clicking on forget the password or requesting a recovery code against the account.

Read more...

Slack resets passwords for users who hadn't changed it since 2015 breach

Slack resets passwords for users who hadn't changed it since 2015 breach

Slack has been sending a "password reset" notification email to all those users who had not yet changed passwords for their Slack accounts since 2015 when the company suffered a massive data breach.

For those unaware, in 2015, hackers unauthorisedly gained access to one of the company's databases that stored user profile information, including their usernames, email addresses, and hashed passwords.

Read more...