Silensec Newsletter

Several vulnerabilities found in Cisco Industrial Network Director

Several vulnerabilities found in Cisco Industrial Network Director

Cisco on recently informed customers that several vulnerabilities, including a code execution flaw classified as "high severity," have been found in the company's Industrial Network Director product. While conducting internal security testing, Cisco employees identified three types of vulnerabilities in Industrial Network Director. The most serious of them, tracked as CVE-2019-1861 with a CVSS score of 7.2, is a remote code execution flaw.

Read more...

Hackers steal $9.5 million from GateHub cryptocurrency wallets

Hackers steal $9.5 million from GateHub cryptocurrency wallets

Cybercriminals have stolen 23.2 million Ripple coins (XRP), worth nearly $9.5M, from the users of the GateHub cryptocurrency wallet service. The company admitted to the security breach in a preliminary statement posted on its website. While the incident is still under investigation, the company believes the hacker abused its API to carry out the attacks, though it is unsure how.

Read more...

HawkEye malware operators renew attacks on business users

HawkEye malware operators renew attacks on business users

Researchers have reported an increase in HawkEye v9 keylogger infection campaigns targeting businesses around the world. In campaigns observed by the researchers in April and May 2019, the HawkEye malware focused on targeting business users, aiming to infect them with an advanced keylogging malware that can also download additional malware to their devices.

Read more...

Mozilla returns crypto-signed website packaging spec to sender - yes, it's Google

Mozilla returns crypto-signed website packaging spec to sender - yes, it's Google

Mozilla recently published a series of objections to web packaging, a content distribution scheme proposed by engineers at Google that the Firefox maker considers harmful to the web in its current form.

Google engineers talked up the tech, which consists of several related projects that allow website resources to be packaged and cryptographically signed for redistribution by third parties. Making websites portable, Google contends, facilitates more efficient delivery, easier sharing and offline access.

Read more...

U.S. charges WikiLeaks' Julian Assange with violation of the Espionage Act

U.S. charges WikiLeaks' Julian Assange with violation of the Espionage Act

A federal grand jury has indicted WikiLeaks founder Julian Assange on 18 counts under the U.S. Espionage Act for his role in publishing classified material. The 18-count superseding indictment is now likely to intensify the legal dispute surrounding the 47-year-old Assange and whether his publishing of classified documents is an act of espionage or a protected right under the First Amendment.

Read more...

Instagram website leaked phone numbers and emails for months, researcher says

Instagram website leaked phone numbers and emails for months, researcher says

Instagram's website leaked user contact information, including phone numbers and email addresses, over a period of at least four months, a researcher says. The source code for some Instagram user profiles included the account holder's contact information whenever it loaded in a web browser, a data scientist and business consultant, who notified Instagram shortly after he discovered the problem earlier this year.

Read more...