Google Announces 5 Major Updates for Chrome Extensions to Improve Browser Security

➜ https://thehackernews.com/2018/10/google-chrome-extensions-security.html

1) User-Controllable Host Permissions
2) No Code Obfuscation
3) Mandatory 2-Step Verification
4) Strict Web Store Review Policies
5) New Manifest v3

UPDATE — #Facebook 'so far' finds no evidence that hackers accessed any connected 3rd-party apps using 50 million stolen access tokens

However, Facebook also clarifies that revoking 90 million stolen tokens doesn't mean your accounts with all 3rd-party apps are protected.

https://thehackernews.com/2018/10/facebook-token-hacking.html

FASTCash ATM Hacking Scheme Unveiled — North Korean "Hidden Cobra" Hacking Group Compromises Banks’ Switch Application Servers to Trick ATMs into Spitting Out Millions in Cash

https://thehackernews.com/2018/10/bank-atm-hacking.html

Wi-Fi Standards Get Simplified Version Numbers... and Next Version Will Be Called — WiFi 6

https://thehackernews.com/2018/10/wifi-version-6.html

That means, the new versions for all previous standards are:

802.11b → WiFi 1
802.11a → WiFi 2
802.11g → WiFi 3
802.11n → WiFi 4
802.11ac (current) → WiFi 5

Chinese #Spying Microchips Found Hidden On Server Motherboards Used By Top U.S. Companies, Including Apple, Amazon and 28 Others.


https://thehackernews.com/2018/10/china-spying-server-chips.html


These Tiny Malicious Chips were Inserted During the Manufacturing Process in China.

Silk Road Admin, Gary Davis, Pleads Guilty — Could Face Up to 20 Years In Prison
. He served as an administrator who helped run the Silk Road, an underground marketplace responsible for selling over $200 million in illegal narcotics and other contraband.

https://thehackernews.com/2018/10/silkroad-admin-gary-davis.html

Turns Out MikroTik Router's WinBox Vulnerability (CVE-2018-14847) is More Dangerous Than Previously Thought

New PoC Exploit Allows Attackers to Gain Full Root Access—Turned 'Medium' Vulnerability Into 'Critical' in Severity

https://thehackernews.com/2018/10/router-hacking-exploit.html

Google is Going to Shut Down its Google+ Social Media Site After an API Vulnerability Exposed 500,000 Users' Data

https://thehackernews.com/2018/10/google-plus-shutdown.html

From Now On, Only Default Android Apps (Set by Users) Can Access Call Log and SMS Data

https://thehackernews.com/2018/10/android-app-privacy.html

Adobe Releases #Security Patch Updates for 11 Vulnerabilities in #Adobe Digital Editions, Framemaker, and Technical Communications Suite

https://thehackernews.com/2018/10/adobe-security-updates.html

October 2018 Patch Tuesday – #Microsoft releases security patches for a total 49 vulnerabilities, 12 of which are critical in severity.

https://thehackernews.com/2018/10/microsoft-windows-update.html

Details of 3 flaws were publicly disclosed, and one is under active attack.

⚡Just answering a video call could have let hackers completely compromise your WhatsApp account remotely.

Hackers only need your phone number to hack and spy on your secret WhatsApp conversations.

https://thehackernews.com/2018/10/hack-whatsapp-account-chats.html

Facebook Confirms 30 Million Accounts Were Hacked In the Latest Security Breach.

Read This for Updated Details: https://thehackernews.com/2018/10/hack-facebook-account.html

Also Check☝If You're One of the Affected Users.

Starting in Android Pie 9, Google encrypts cloud backup data of your Android devices with your lockscreen password—in a way that Google itself can’t decrypt it.
Titan Security Chip is playing an important role for the new privacy feature.

Read more: https://thehackernews.com/2018/10/android-cloud-backup.html

📢 All Major Web Browsers—Chrome, Firefox, Edge, IE and Safari—Today Announced Their Plans to Remove Support for TLS 1.0 and TLS 1.1 Encryption Protocol

https://thehackernews.com/2018/10/web-browser-tls-support.html

*New* #iPhone Lock Screen Bypass Bug Lets Anyone Access Your Private Photos and Send Them to Another Device

https://thehackernews.com/2018/10/iphone-lock-passcode-bypass.html

Works On the Latest Apple iOS 12.0.1 Version

Google will charge Android phone makers to pre-install its apps on devices sold in Europe

Following EU’s antitrust cases against Google, the company introduces new paid licenses for manufacturers who don't want to pre-install Google apps (that generate revenue for Google).

Google has made its point very bold and clear. Europe can’t selectively pre-install some of the Google apps to enjoy billion dollar services for free and fine Google with $5 BILLION.

From now on, either pre-install all Google apps for free, or install selective apps with paid licences, or simply don’t use any app, not even the Play Store.

https://thehackernews.com/2018/10/google-android-european-commission.html

⚡Ridiculously "Simple to Exploit" LibSSH Authentication Bypass Flaw (CVE-2018-10933) Allows Attackers to Take Over Vulnerable Servers Without Requiring Passwords

https://thehackernews.com/2018/10/libssh-ssh-protocol-library.html

🤔HINT → Just Tell the Server You Have Successfully Logged-In, It Will Trust You!

(Tumblr patches a critical vulnerability)[https://thehackernews.com/2018/10/tumblr-account-hacking.html] in the "Recommended Blogs" feature on its desktop version of the website that could have allowed hacker to steal users’ account information, including emails and passwords (hashed and salted)

Several critical vulnerabilities found in #Amazon FreeRTOS #IoT operating system, which also affect its variants: OpenRTOS and SafeRTOS

https://thehackernews.com/2018/10/amazon-freertos-iot-os.html

Reported flaws could allow remote attackers to execute malicious code, leak information or crash targeted devices

Signal Secure Messaging App Introduces A New Feature Called "Sealed Sender" That Encrypts 🔒Sender's Identity Along with the Message ✉️

https://thehackernews.com/2018/10/signal-secure-messaging-metadata.html …

Signal Aims to Further Reduce the Metadata Information That's Still Accessible to the Company.