Silensec Newsletter

Targeted attacks hit multiple embassies with Trojanized TeamViewer, Kenya included!

Targeted attacks hit multiple embassies with Trojanized TeamViewer, Kenya included!

Security experts have uncovered a cyberespionage campaign leveraging a weaponized version of TeamViewer and malware disguised as a top-secret US government document to target officials in several embassies in Europe. The targeted attacks aimed at Embassy officials from at least 7 countries (Italy, Kenya, Bermuda, Nepal, Guyana, Lebanon & Liberia), tied to govt revenue related roles and the financial sector.

Read more...

Facebook EXPECTING to face a fine of up to $5 billion, due to privacy violation!

Facebook EXPECTING to face a fine of up to $5 billion, due to privacy violation!

Facebook expects to face a massive fine of up to $5 billion from the Federal Trade Commission FTC as the result of an investigation into its privacy policies - that's about one month's revenue for the social media giant.

The company had set $3 billion aside in anticipation of the settlement with the FTC, who launched a probe into Facebook following the Cambridge Analytica scandal.

Read more...

Facebook still collecting user information without user permission: 1.5 million email accounts this time round

Facebook still collecting user information without user permission: 1.5 million email accounts this time round

Not a week goes without a new Facebook blunder.

Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity?

At the time, it was suspected that Facebook might be using access to users' email accounts to unauthorizedly and secretly gather a copy of their saved contacts.

Now it turns out that the collection of email contacts was true, Facebook finally admits that they "unintentionally" uploaded email contacts of 1.5 million new users on its servers, without their consent or knowledge.

Read more...

CVE-2019-0803 Windows flaw exploited to deliver PowerShell Backdoor

CVE-2019-0803 Windows flaw exploited to deliver PowerShell Backdoor

April 2019 Patch Tuesday security updates addressed a local privilege escalation flaw in Windows operating system, tracked as CVE-2019-0859 that had been exploited by threat actors to deliver a PowerShell backdoor.

The flaw could allow an attacker to escalate privileges on the target system, it exists due to the way the Win32k component handles objects in memory.

Read more...

Backdoor code found in popular Bootstrap-Sass Ruby library

Backdoor code found in popular Bootstrap-Sass Ruby library

Backdoor code was found added in a popular Ruby library used for frontend user interfaces inside Ruby and Ruby on Rails applications. The malicious code was removed via a library update.

The library affected by this incident is Bootstrap-Sass, a Ruby package that provides developers with a Sass-version of Bootstrap, the most popular UI framework for developers today.

Read more...

540 million Facebook user records found on unprotected Amazon servers

540 million Facebook user records found on unprotected Amazon servers

Two companies exposed more than 540 million records containing information on Facebook users and their activities by leaving the data unprotected in Amazon Web Services (AWS) S3 buckets. Researchers identified an unprotected S3 bucket belonging to a Mexico-based digita media publisher named Cultura Colectiva, which publishes content for sharing on social media networks, has nearly 24 million followers on Facebook.

The second exposed AWS bucket was associated with a defunct application called “At the Pool.” This database also stored information on Facebook customers and their interests, but it also included names, email addresses and plaintext passwords for 22,000 users.

Read more...