The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

🌐 Website: https://thehackernews.com
Researchers Discover Another Hyper-Threading Vulnerability in Intel CPUs

New PortSmash (CVE-2018-5407) Side-Channel Attack Could Allow Malicious Processes to Steal Sensitive and Protected Data

Read More: https://thehackernews.com/2018/11/portsmash-intel-vulnerability.html
BleedingBit — Two New Critical #Bluetooth Chip RCE Vulnerabilities (CVE-2018-16986 and CVE-2018-7080) Expose Millions of BLE-Enabled Enterprise Networking Devices to Remote Attacks

https://thehackernews.com/2018/11/bluetooth-chip-hacking.html
Unpatched Oracle VirtualBox Zero-Day Vulnerability and Exploit Details Released Online:

Read ➣ https://thehackernews.com/2018/11/virtualbox-zero-day-exploit.html

New VirtualBox Exploit Could Allow Attackers to Escape Virtual Machines and Compromise Host Operating System.
Hackers compromised popular Web Traffic Analytics service "StatCounter" to steal Bitcoins from Gate[.]io cryptocurrency exchange users.

Malicious code bundled with the widely-used StatCounter analytics script gets injected into 700,000 websites, but targeted only cryptocurrency sites and their users.

https://thehackernews.com/2018/11/statcounter-cryptocurrency-cyberattack.html
New Android "In-app Updates" API Lets Developers Push Updates Within Their Apps Which Users Can Install While Using Them

https://thehackernews.com/2018/11/android-in-app-updates-api.html
Popular drone maker DJI left its website and mobile app users vulnerable for 6 months, which could have allowed hackers to hijack drone accounts and access sensitive data, including flight records, drone location, live video feed and photos.

https://thehackernews.com/2018/11/dji-drone-hack_8.html
23-Year-Old "DerpTroll" Hacker Pleads Guilty to #DDoS Attacks Against Sony, EA and Steam Gaming Companies.

He Could Face Maximum Penalty of 10 Years in Prison and Fine of $250,000

https://thehackernews.com/2018/11/gaming-server-ddos-attack.html
New SDK APIs and Wi-Fi settings in Insider Preview editions suggest that support for the latest WPA3 Wi-Fi Security Protocol is coming very soon to Windows 10 operating system

https://thehackernews.com/2018/11/windows-10-wpa3-wifi-security.html
Yet Another #Facebook Bug Discovered That Could Have Exposed Private Information About You and Your Friends to Attackers

https://thehackernews.com/2018/11/facebook-vulnerability-hack.html

Read More and Watch Demonstration Video
It’s Patch Tuesday — 63 New Vulnerabilities (Including 0-Days) #Windows Users Need to Patch Immediately

https://thehackernews.com/2018/11/microsoft-patch-tuesday-updates.html

• 12 Critical Flaws
• 49 Important—2 Publicly Disclosed & 1 Being Exploited in the Wild
• 1 Moderate
• 1 Low Flaw
7 New #Meltdown and #Spectre-type Transient Execution Attacks Discovered Affecting Intel, AMD, ARM Processors

Read More → https://thehackernews.com/2018/11/meltdown-spectre-vulnerabilities.html
Latest iPhone X, Samsung Galaxy S9, Xiaomi Mi6—all GET HACKED at Pwn2Own 2018 mobile hacking competition

https://thehackernews.com/2018/11/mobile-hacking-exploits.html

White-hat hackers earned a total of $325,000 in bounties for finding 18 zero-day vulnerabilities
Critical flaw found in one of the popular Google #AMP (Accelerated Mobile Pages) plugins for #WordPress, installed on more than 100,000 websites.

https://thehackernews.com/2018/11/amp-plugin-for-WordPress.html

"AMP for WP" patched version 0.9.97.20 has been released – UPDATE NOW
The real identity of notorious hacker, "Tessa88," who sold LinkedIn, Dropbox, Facebook, Twitter, VKontakte (and more high-profile) databases on Dark Web forums revealed as → Maksim Vladimirovich Donakov (Максим Владимирович Донаков) from Russia.

https://thehackernews.com/2018/11/tessa88-russian-hacker.html
🎉 Great news for white-hat hackers... now get paid up to $40,000 for finding and reporting ways to hack Facebook, Instagram, WhatsApp, or Oculus accounts.

https://thehackernews.com/2018/11/cybersecurity-bug-bounty.html
How just opening a webpage in Safari could have HACKED your macOS system

Details & PoC → https://thehackernews.com/2018/11/apple-macos-zeroday.html

Syndis team (with Dropbox) reported 3 flaws in Apple #macOS, which if chained together, could have allowed sites to execute malicious code on visitors' computers
A Security flaw in US Postal Service 📫 exposed 60 million users' personal data, including emails, account numbers, addresses & phone numbers

https://thehackernews.com/2018/11/usps-data-breach.html

🤦🏻 Even after receiving responsible disclosure from a researcher, USPS left the flaw unpatched for over a year
Rogue open-source developer infected the widely used NodeJS module "Event-Stream" with malicious code to steal bitcoin from wallets

https://thehackernews.com/2018/11/nodejs-event-stream-module.html

With 2,000,000 weekly downloads, Event-Stream is one of the most popular NPM packages being used by millions of web apps
FBI shuts down a massive multimillion-dollar online #Adfraud operation – dubbed "3ve" – and arrested 8 cyber criminals!

https://thehackernews.com/2018/11/3ve-ad-fraud-google.html

Hackers infected over 1.7 million computers and made millions of dollars from ads that were never actually viewed by real humans.
U.S. today announced charges against 2 Iranian hackers for creating & using SamSam #ransomware that extorted over $6 million from victims

https://thehackernews.com/2018/11/samsam-ransomware-iranian-hackers.html

Since both operate from Iran, they haven't yet been arrested. The FBI has added them to their list of WANTED HACKERS
Dell Resets All Customers' Passwords After Potential Security Breach

https://thehackernews.com/2018/11/dell-data-breach-hacking.html

Hackers Infiltrated #Dell's Network and Attempted to Steal Users’ Account Information, Including Passwords.