Silensec Newsletter

Instagram bug could have allowed anyone to take over your account

Instagram bug could have allowed anyone to take over your account

A security researcher from India has won $30,000 in a bug bounty program after he found a flaw in Facebook-owned photo-sharing app Instagram.

Laxman Muthiyah discovered a vulnerability that allowed him to hack any Instagram account without consent permission.

He took over someone's Instagram account by clicking on forget the password or requesting a recovery code against the account.

Read more...

Slack resets passwords for users who hadn't changed it since 2015 breach

Slack resets passwords for users who hadn't changed it since 2015 breach

Slack has been sending a "password reset" notification email to all those users who had not yet changed passwords for their Slack accounts since 2015 when the company suffered a massive data breach.

For those unaware, in 2015, hackers unauthorisedly gained access to one of the company's databases that stored user profile information, including their usernames, email addresses, and hashed passwords.

Read more...

Kenya telecoms giant sued over 'data breach'

Kenya telecoms giant sued over 'data breach'

Kenya's biggest mobile service provider Safaricom is being sued for allegedly violating the data privacy of its 11.5 million consumers.

A subscriber has accused the telecom giant of exposing his sports betting history and biodata, according to a legal petition filed at the High Court in the capital, Nairobi.

Read more...

Two Florida cities paid $1.1 Million to ransomware hackers this month

Two Florida cities paid $1.1 Million to ransomware hackers this month

In the last two weeks, Florida has paid more than $1.1 million in bitcoin to cybercriminals to recover encrypted files from two separate ransomware attacks - one against Riviera Beach and the other against Lake City.

Lake City, a city in northern Florida, agreed on Monday to pay hackers 42 Bitcoin (equivalent to $573,300 at the current value) to unlock phone and email systems following a ransomware attack that crippled its computer systems for two weeks.

Read more...

Adobe updates fix code execution issues in Campaign, ColdFusion, and Flash

Adobe updates fix code execution issues in Campaign, ColdFusion, and Flash

Adobe's recent security updates for June 2019 address some critical arbitrary code execution vulnerabilities in Flash Player, Cold Fusion and Campaign products. Adobe fixed critical command injection, file extension blacklist bypass and deserialization vulnerabilities in ColdFusion.

The vulnerabilities could lead to arbitrary code execution on vulnerable systems.

Read more...

Telegram suffers 'powerful DDoS attack' from China during Hong Kong protests

Telegram suffers 'powerful DDoS attack' from China during Hong Kong protests

Telegram, one of the most popular encrypted messaging app, briefly went offline on the 13th of June, 2019 for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers.

Telegram founder Pavel Durov later revealed that the attack was mainly coming from the IP addresses located in China, suggesting the Chinese government could be behind it to sabotage Hong Kong protesters.

Read more...