WARNING — On most Linux distributions, unprivileged users with UIDs greater than INT_MAX value can execute any systemctl command, thanks to a new flaw (CVE-2018-19788) found in PolicyKit, a toolkit responsible for handling authentication & permissions

https://thehackernews.com/2018/12/linux-user-privilege-policykit.html

Australia Passes New Anti-Encryption Bill 2018—Here's Everything You Need To Know

https://thehackernews.com/2018/12/australia-anti-encryption-bill.html

Worth to note → It doesn't allow Government to force Tech companies to Weak/crack/backdoor their encrypted services. Instead, Australia wants them to provide an alternative way to let Government sneak into your devices, whenever required.

Google announces to shutdown #Google+ 4 month earlier than its actual scheduled after the company discovered a new API flaw that exposed personal information of 52.5 million users

https://thehackernews.com/2018/12/google-plus-hacking.html

Google+ will now die on April 2019 instead of August 2019.

phpMyAdmin Releases Critical Software Update to Address Several Security Vulnerabilities — Patch Your Websites Now!

https://thehackernews.com/2018/12/phpmyadmin-security-update.html

—Local file inclusion (CVE-2018-19968)
—Cross-Site Request Forgery/XSRF (CVE-2018-19969)
—Cross-site scripting (CVE-2018-19970)

A new variant of infamous Shamoon malware is targeting Oil and Gas sector in the Middle East and Europe

https://thehackernews.com/2018/12/shamoon-malware-attack.html

Microsoft releases an EMERGENCY security update to patch a remote code execution vulnerability (CVE-2018-8653) in Internet Explorer that is currently being exploited in the wild



https://thehackernews.com/2018/12/internet-explorer-zero-day.html



Affected Versions — Internet Explorer 9, 10, 11 on Windows 7, 8.1, 10 Server 2008, 2012, 2016 and 2019.

Hacker Discloses New Unpatched Windows #ZeroDay Exploit On Twitter

PoC Exploit and Demo Video→ https://thehackernews.com/2018/12/windows-zero-day-exploit.html

The flaw resides in "MsiAdvertiseProduct" function and could allow low-privileged #Windows users to read content of any file on the system.

U.S. Department of Justice today indicted 2 Chinese government sponsored hackers over decade-long global #hacking campaign

https://thehackernews.com/2018/12/chinese-hacker-wanted-by-fbi.html

Defendants are members of #APT10 hacking group who stole trade secrets from tech companies and government agencies around the world

Google partially patches a privacy issue in Chrome app for Android that was originally disclosed 3-years ago

https://thehackernews.com/2019/01/google-chrome-android-privacy.html

The bug reveals device hardware model and firmware version, allowing remote attackers to identify if you're running an outdated/flawed OS.

Deal of the Week: Get 10 Popular CyberSecurity eBooks To Learn Advanced Ethical Hacking @ 96% Discount

https://thehackernews.com/2019/01/cybersecurity-hacking-books.html

20-Year-Old Student, "Who Acted Alone," Arrested For Carrying Out Germany's Biggest Data Leak

https://thehackernews.com/2019/01/germany-data-leak-arrested.html …

He admits to #hacking and leaking personal data of thousands of German politicians, journalists and other public figures.

IMPORTANT — Search your Wi-Fi routers logs for "f8:e0:79:af:57:eb" MAC Address

https://thehackernews.com/2019/01/german-dhl-parcel-bomb-blackmailer.html …

German #Police seek help in gathering related info that could lead to the phone used by DHL blackmailer who parceled out #bombs at different addresses in Brandenburg & Berlin.

Turns out that it was Kaspersky Labs who tipped off the FBI & helped the agency catch alleged #NSA leaker Harold T. Martin III

https://thehackernews.com/2019/01/shadow-brokers-nsa-kaspersky.html …

Martin contacted Kaspersky researchers just 30 min before TheShadowBrokers began leaking classified NSA #hacking tools online

Google Public DNS Service Now Supports DNS-over-TLS Security Feature

https://thehackernews.com/2019/01/google-dns-over-tls-security.html

It not just helps in hiding your web-browsing history from ISPs and eavesdroppers, but also prevents DNS spoofing attacks.

Over 202 Million Chinese Job Seekers' Scrapped Personal Details Exposed On the Internet

https://thehackernews.com/2019/01/mongodb-chinese-database.html …

Thanks to Another Unprotected MongoDB Instance [854 GB]

New Systemd Security Flaws Affect Most Linux Distributions — Patches are on the Way!

https://thehackernews.com/2019/01/linux-systemd-exploit.html …

CVE-2018-16864 (privilege escalation)
CVE-2018-16865 (privilege escalation)
CVE-2018-16866 (Information leak)

Cybercriminals found using Zero-Width Space characters in Phishing emails to bypass Microsoft Office 365 Safe Links and Advanced Threat Protection

https://thehackernews.com/2019/01/phishing-zero-width-spaces.html

PyLocky #Ransomware Decryption Tool Released—Unlock Your Files For Free

https://thehackernews.com/2019/01/pylocky-free-ransomware-decryption.html

Limitation: The tool requires captured PCAP file of the initial network traffic b/w the infected machine and C&C server to extract the password

Attacking Hospital Networks With DDoS Landed This Anonymous Hacktivist in Jail for Over 10 Years

https://thehackernews.com/2019/01/ddos-attack-anonymous-hacker.html

...And Fined $443,000

Ukrainian Police BUSTED Two Separate Gangs of Cyber Criminals

https://thehackernews.com/2019/01/ukrainian-cybercriminals.html

• 4 Hackers, aged 26-30 years, for hacking Ukrainians and stealing 5 million Hryvnia

• 2 Hackers, aged 21-22 years, for disrupting Ukrainian sites with DDoS attacks

Unprotected "Oklahoma Securities Commission" Server Exposes a Massive 3 TB of Government Database Containing Millions of Sensitive Files Related to Years of #FBI Investigations

https://thehackernews.com/2019/01/oklahoma-fbi-data-leak.html