⚡How just opening a webpage in Safari could have HACKED your macOS system

Details & PoC → https://thehackernews.com/2018/11/apple-macos-zeroday.html

Syndis team (with Dropbox) reported 3 flaws in Apple #macOS, which if chained together, could have allowed sites to execute malicious code on visitors' computers

A Security flaw in US Postal Service 📫 exposed 60 million users' personal data, including emails, account numbers, addresses & phone numbers

https://thehackernews.com/2018/11/usps-data-breach.html

🤦🏻‍ Even after receiving responsible disclosure from researcher, USPS left the flaw unpatched for over a year

Rogue open-source developer infected the widely used NodeJS module "Event-Stream" with malicious code to steal bitcoin from wallets

https://thehackernews.com/2018/11/nodejs-event-stream-module.html

With 2,000,000 weekly downloads, Event-Stream is one of the most popular NPM packages being used by millions of web apps

FBI shuts down a massive multimillion-dollar online #Adfraud operation – dubbed "3ve" – and arrested 8 cyber criminals!

https://thehackernews.com/2018/11/3ve-ad-fraud-google.html

Hackers infected over 1.7 million computers and made millions of dollars from ads that were never actually viewed by real humans.

U.S. today announced charges against 2 Iranian hackers for creating & using SamSam #ransomware that extorted over $6 million from victims

https://thehackernews.com/2018/11/samsam-ransomware-iranian-hackers.html

Since both operate from Iran, they haven't yet been arrested. The FBI has added them to their list of WANTED HACKERS

Dell Resets All Customers' Passwords After Potential Security Breach

https://thehackernews.com/2018/11/dell-data-breach-hacking.html

Hackers Infiltrated #Dell's Network and Attempted to Steal Users’ Account Information, Including Passwords.

A die-hard fan of most-followed YouTuber #PewDiePie hijacked 150,000 printers worldwide to print-out flyers asking everyone to subscribe PewDiePie channel and unsubscribe T-Series, 2nd most-followed channel



https://thehackernews.com/2018/11/pewdiepie-printer-hack.html



The T-Series vs Pewdiepie war is getting ugly!

A new ransomware malware is spreading rapidly across China that has already infected over 100,000 computers in last 4 days

https://thehackernews.com/2018/12/china-ransomware-wechat.html

Quora Gets Hacked – 100 Million Users' Data Stolen, Including Email Addresses and Hashed Passwords.

https://thehackernews.com/2018/12/quora-hack.html

Change Your Password Now.

Microsoft is reportedly building a new Chromium-based web browser, dubbed "Project Anaheim," to replace Windows 10's built-in #Edge browser.

https://thehackernews.com/2018/12/edge-browser-anaheim-chromium.html

*Here We Go:*

SNDBOX — Researchers Release a New Artificial Intelligence-Powered Online Automated #Malware Analysis Platform ...and It's Free!

SNDBOX offers Static, Dynamic (behavioral) and Network analysis for submitted executables in an easy-to-understand format.

It uses Machine Learning algorithms to automatically develop deeper knowledge and understanding on several aspects, behavioral patterns, vectors, attributes, classification, and signatures over time.

SNDBOX is not just capable of detecting malware by monitoring their behavior, but it also converts dynamic behavioral inputs into searchable vectors, allowing users to search its vast online malware analysis database with excellent visibility

Watch Demo Video, Sample Reports at The Hacker News
https://thehackernews.com/2018/12/sndbox-malware-analysis-tool.html

New Adobe Flash zero-day exploit discovered hidden inside Microsoft Office docs, which are being used in a targeted campaign against Russian State Healthcare Institution

https://thehackernews.com/2018/12/flash-player-vulnerability.html

Tracked as CVE-2018-15982, the Flash Player vulnerability allows attackers to execute arbitrary code on a targeted system. Adobe has released patch update to fix it.

WARNING — On most Linux distributions, unprivileged users with UIDs greater than INT_MAX value can execute any systemctl command, thanks to a new flaw (CVE-2018-19788) found in PolicyKit, a toolkit responsible for handling authentication & permissions

https://thehackernews.com/2018/12/linux-user-privilege-policykit.html

Australia Passes New Anti-Encryption Bill 2018—Here's Everything You Need To Know

https://thehackernews.com/2018/12/australia-anti-encryption-bill.html

Worth to note → It doesn't allow Government to force Tech companies to Weak/crack/backdoor their encrypted services. Instead, Australia wants them to provide an alternative way to let Government sneak into your devices, whenever required.

Google announces to shutdown #Google+ 4 month earlier than its actual scheduled after the company discovered a new API flaw that exposed personal information of 52.5 million users

https://thehackernews.com/2018/12/google-plus-hacking.html

Google+ will now die on April 2019 instead of August 2019.

phpMyAdmin Releases Critical Software Update to Address Several Security Vulnerabilities — Patch Your Websites Now!

https://thehackernews.com/2018/12/phpmyadmin-security-update.html

—Local file inclusion (CVE-2018-19968)
—Cross-Site Request Forgery/XSRF (CVE-2018-19969)
—Cross-site scripting (CVE-2018-19970)

A new variant of infamous Shamoon malware is targeting Oil and Gas sector in the Middle East and Europe

https://thehackernews.com/2018/12/shamoon-malware-attack.html

Microsoft releases an EMERGENCY security update to patch a remote code execution vulnerability (CVE-2018-8653) in Internet Explorer that is currently being exploited in the wild



https://thehackernews.com/2018/12/internet-explorer-zero-day.html



Affected Versions — Internet Explorer 9, 10, 11 on Windows 7, 8.1, 10 Server 2008, 2012, 2016 and 2019.

Hacker Discloses New Unpatched Windows #ZeroDay Exploit On Twitter

PoC Exploit and Demo Video→ https://thehackernews.com/2018/12/windows-zero-day-exploit.html

The flaw resides in "MsiAdvertiseProduct" function and could allow low-privileged #Windows users to read content of any file on the system.

U.S. Department of Justice today indicted 2 Chinese government sponsored hackers over decade-long global #hacking campaign

https://thehackernews.com/2018/12/chinese-hacker-wanted-by-fbi.html

Defendants are members of #APT10 hacking group who stole trade secrets from tech companies and government agencies around the world

Google partially patches a privacy issue in Chrome app for Android that was originally disclosed 3-years ago

https://thehackernews.com/2019/01/google-chrome-android-privacy.html

The bug reveals device hardware model and firmware version, allowing remote attackers to identify if you're running an outdated/flawed OS.