Silensec
113 followers -
Information Security Consulting and Training

Hackers steal data of 75,000 users after Healthcare.gov FFE breach

#Hackers have breached a HealthCare(dot)gov sign-up #system (Federally Facilitated Exchanges) and have gotten their hands on the personal #information of roughly 75,000 people. The #FFE system is managed by the Centers for Medicare & #Medicaid Services (CMS), which said that it detected "anomalous system activity" in the FFE on October 13, 2018 and immediately started an investigation. A #breach was confirmed the past week, on Tuesday, October 16.

https://www.zdnet.com/article/hackers-steal-data-of-75000-users-after-healthcare-gov-ffe-breach/

#infosec #hacking #healthcare #govt #cybersecurity #privacy

Our round up of the latest #infosec #news editorials to kick start your week!

#Subscribe to our newsletter at www.silensec.com/subscribe to join our ever-growing community of professionals.


https://www.silensec.com/news/435-october-19th-2018-vol-4-num-042

#security #tech #business #awareness #privacy #cybersecurity

Splunk patches Several Flaws in Enterprise, Light Products

#Splunk recently patched several #vulnerabilities in its #Enterprise and #Light products, including #flaws that have been rated “high severity.” Splunk Light is a solution that automates log searching and analysis, along with server and network monitoring, in small IT #networks. The most serious of the vulnerabilities affecting these products – with a #CVSS score of 8.1 – is CVE-2018-7427, a cross-site scripting (XSS) issue in the Splunk Web interface.

https://www.securityweek.com/splunk-patches-several-flaws-enterprise-light-products

#infosec #patching #tech

Cyber Espionage Campaign Reuses Code from China's APT1

Several #US organizations appear to be victims of a widespread data reconnaissance #campaign involving #malware last associated with Comment Crew aka #APT1, a Chinese military-linked group that is believed responsible for stealing #data from dozens of American companies between 2006 & 2010. The attack group behind the latest campaign has carried out at least five separate waves of #attacks against #organizations in various sectors.

https://www.darkreading.com/attacks-breaches/cyber-espionage-campaign-reuses-code-from-chinas-apt1/d/d-id/1333073

#infosec #cyberespionage #cybercrime #govt

Tracking Tick Through Recent Campaigns Targeting East Asia

Since 2016, an advanced threat group that #Cisco #Talos is tracking has carried out #cyberattacks against #SouthKorea and #Japan. This group is known by several different names: #Tick, #Redbaldknight and #BronzeButler. Although each #campaign employed custom tools, researchers observed recurring patterns in the actor's use of infrastructure, from overlaps in hijacked command and control (C2) domains to differing campaign C2s resolving to the same IP.

https://blog.talosintelligence.com/2018/10/tracking-tick-through-recent-campaigns.html

#infosec #cybercrime #hacking #tick #cybersecurity

Zero-day in popular jQuery plugin actively exploited for at least three years

For the past three years, hackers have abused a #zeroday in one of the most popular #jQuery #plugins to plant web shells and take over vulnerable web servers. A #security researcher discovered the #vulnerability in the plugin's #sourcecode that handles file uploads to #PHP servers. According to the researcher, attackers have abused this vulnerability to upload malicious files on #servers, such as #backdoors and #webshells.

https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years/

#infosec #patch #tech #security

4 yr old libssh Bug Leaves Servers Wide Open

A fairly serious 4-year-old libssh bug has left servers vulnerable to remote compromise. Fortunately, the attack surface isn't that big, as neither OpenSSH nor the GitHub implementation is affected. The bug is in the not-so-widely-used libssh library, not to be confused with libssh2 or OpenSSH, which are very widely used.

https://www.darknet.org.uk/2018/10/four-year-old-libssh-bug-leaves-servers-wide-open/

#infosec #libssh #bug #patch #tech

Safaricom Increases Voice, Data, SMS Cost Following Finance Law

Safaricom has formally announced that it has reviewed the prices of the various services it offers, thanks to the recently passed Finance Act of 2018. In the Finance Act 2018, the excise duty applicable on voice, SMS and data services was increased to 15% from 10%, and this is on top of the VAT applicable on these mobile services, which is at 16%.

https://techweez.com/2018/10/17/safaricom-increases-voice-data-sms-cost-finance-act-2018/

#infosec #Safaricom #data #sms #finance #act #security