Google Public DNS Service Now Supports DNS-over-TLS Security Feature

https://thehackernews.com/2019/01/google-dns-over-tls-security.html

It not just helps in hiding your web-browsing history from ISPs and eavesdroppers, but also prevents DNS spoofing attacks.

Over 202 Million Chinese Job Seekers' Scrapped Personal Details Exposed On the Internet

https://thehackernews.com/2019/01/mongodb-chinese-database.html …

Thanks to Another Unprotected MongoDB Instance [854 GB]

New Systemd Security Flaws Affect Most Linux Distributions — Patches are on the Way!

https://thehackernews.com/2019/01/linux-systemd-exploit.html …

CVE-2018-16864 (privilege escalation)
CVE-2018-16865 (privilege escalation)
CVE-2018-16866 (Information leak)

Cybercriminals found using Zero-Width Space characters in Phishing emails to bypass Microsoft Office 365 Safe Links and Advanced Threat Protection

https://thehackernews.com/2019/01/phishing-zero-width-spaces.html

PyLocky #Ransomware Decryption Tool Released—Unlock Your Files For Free

https://thehackernews.com/2019/01/pylocky-free-ransomware-decryption.html

Limitation: The tool requires captured PCAP file of the initial network traffic b/w the infected machine and C&C server to extract the password

Attacking Hospital Networks With DDoS Landed This Anonymous Hacktivist in Jail for Over 10 Years

https://thehackernews.com/2019/01/ddos-attack-anonymous-hacker.html

...And Fined $443,000

Ukrainian Police BUSTED Two Separate Gangs of Cyber Criminals

https://thehackernews.com/2019/01/ukrainian-cybercriminals.html

• 4 Hackers, aged 26-30 years, for hacking Ukrainians and stealing 5 million Hryvnia

• 2 Hackers, aged 21-22 years, for disrupting Ukrainian sites with DDoS attacks

Unprotected "Oklahoma Securities Commission" Server Exposes a Massive 3 TB of Government Database Containing Millions of Sensitive Files Related to Years of #FBI Investigations

https://thehackernews.com/2019/01/oklahoma-fbi-data-leak.html

#MageCart Hackers Compromised a French #Advertising Service to Indirectly Inject its 'Credit Card Stealing Code' into 100's of e-Commerce Sites

https://thehackernews.com/2019/01/magecart-hacking-credit-cards.html

Hacking Fortnite Accounts—Security researchers reported multiple flaw in Epic Games site that could have allowed remote hackers to steal users' authentication tokens and takeover accounts just by tricking them into clicking a link

https://thehackernews.com/2019/01/fortnite-account-hacked.html

A new security flaw reported in a widely used #Flight Booking System could have allowed hackers to access details on millions of customers of nearly 141 #Airlines worldwide and modify their bookings

https://thehackernews.com/2019/01/airlines-flight-hacking.html

5 Most popular webhosting services—Bluehost, Dreamhost, HostGator, OVH, and iPage—found vulnerable to multiple flaws, some of which could even have allowed hackers to completely hijack admin accounts just by tricking them into clicking a link

Read more→ https://thehackernews.com/2019/01/web-hosting-server-security.html

Important Reminder — Windows 7 only has 1-year of "supported" life left

https://thehackernews.com/2019/01/microsoft-windows-7-support.html …

Microsoft will end users-beloved operating system's extended support on January 14, 2020.

New Android Banking malware apps found on Google Play Store use motion sensors to evade detection

https://thehackernews.com/2019/01/android-malware-play-store.html

Attackers are using Twitter and Telegram's infrastructure as command-and-control server to communicate with the malware.

Alleged Russian Hacker Aleksandr Zhukov Pleads Not Guilty After Extradition to United States

https://thehackernews.com/2019/01/russian-hacker-ad-fraud.html

He was arrested last year in Bulgaria after authorities shut down "3ve," one of the largest digital ad-fraud schemes that infected over 1.7 million PCs worldwide

Google has been FINED $57 million by French data protection watchdog for "lack of transparency and consent" in its data collection practices that violate GDPR law


https://thehackernews.com/2019/01/google-privacy-gdpr-fine.html


It is the largest penalty to date under the new EU privacy law.

U.S. Homeland Security has issued an "emergency directive" ordering all federal agencies to audit DNS security for their domains within next 10 business days.

https://thehackernews.com/2019/01/dns-hijacking-cyber-attacks.html

The alert came in the wake of a series of recent DNS hijacking attacks against govt sites.

NEW → Critical RCE flaw (CVE-2019-3462) found in #Linux apt/apt-get, which could allow remote MiTM hackers to trick systems into installing altered or malicious packages as #root

https://thehackernews.com/2019/01/linux-apt-http-hacking.html …

Exploitation of such flaw could have been mitigated if APT was using HTTPS

Important→ Someone hacked the official site of PHP PEAR and replaced package manager (go-pear.phar) with a "tainted version"

https://thehackernews.com/2019/01/php-pear-hacked.html

If you have downloaded/updated pearPHP package manager from its official site in past 6 months, consider yourself compromised.

Researcher reveals details of a recently discovered remote iOS ≤ 12.1.2 jailbreak on iPhoneX, which Apple patched yesterday with the release of iOS 12.1.3

https://thehackernews.com/2019/01/ios12-jailbreak-exploit.html

Just visiting a specially crafted remote web page via Safari can compromise/jailbreak your device

China Has Blocked Microsoft's #Bing Search Engine, Despite Offering Censored Results

https://thehackernews.com/2019/01/china-firewall-microsoft-bing.html

✔️ Great Firewall of China
❌ Bing (latest)
❌ Facebook
❌ WhatsApp
❌ Twitter
❌ Yahoo
❌ Google
❌ Skype