Critical #WinRAR bug is still under attack even after a patched version was released last month — thanks to NO Auto-Update feature in the popular file compression software with over 500 million users worldwide.

https://thehackernews.com/2019/03/winrar-hacking-malware.html

—by @Swati_THN

[Exclusive] Round 4 — Hacker Puts 26 Million New Accounts Up [From 6 Sites] For Sale On the Dark Web

https://thehackernews.com/2019/03/data-breach-security.html

If you have an account with any of the above-listed sites, you should change your passwords immediately and also on other services if you re-use the same password.

A new variant of Mirai botnet gets a dozen new exploits to target Enterprise IoT devices—eventually gaining control over larger bandwidth to carry out devastating DDoS attacks.

https://thehackernews.com/2019/03/mirai-botnet-enterprise-security.html

Libssh—a popular library to implement SSHv2 protocol—releases updated version of its software to patch a total of 9 new memory corruption flaws, which could allow a malicious or a compromised SSH server to target client systems remotely

https://thehackernews.com/2019/03/libssh2-vulnerabilities.html

Android Q — All New Privacy and Security Features You Need to Know

Details ➤ https://thehackernews.com/2019/03/android-q-security-privacy.html

Google to introduce some new, great privacy features in the next version of its Android mobile operating system.

Google will soon prompt European Android users to choose their preferred default Web Browser and Search Engine

https://thehackernews.com/2019/03/google-android-europe-chrome.html

Popular SSH Client "PuTTY" Releases Important Software Update (Version 0.71) to Patch 8 New High-Severity Vulnerabilities

https://thehackernews.com/2019/03/putty-software-hacking.html

Holy Moly 😱 Facebook revealed that it "mistakenly" stored a copy of passwords for "hundreds of millions" users in plaintext:

https://thehackernews.com/2019/03/facebook-account-passwords.html

Microsoft Announces Windows Defender ATP Antivirus for Mac


https://thehackernews.com/2019/03/microsoft-defender-antivirus-macos.html


The company also hints that MS Defender will soon be available for more platforms… probably Linux is next!

DHS issues warning about critical vulnerabilities in Medtronic’s implantable defibrillator devices that could cause life-threatening malfunctions

https://thehackernews.com/2019/03/hacking-implantable-defibrillators.html

Important — Over 1 million ASUS computers compromised in a massive supply-chain attack that went undetected for almost 6 months.

https://thehackernews.com/2019/03/asus-computer-hacking.html

Hackers managed to compromise ASUS Live Software server and distributed backdoored updates to users worldwide.

Apple releases iOS 12.2 to patch some pretty serious #security vulnerabilities in iPhone, iPad and iPod touch 6th generation devices

Majority of flaws patched this month reside in #WebKit, which may allow malicious sites to execute arbitrary code, bypass sandbox restrictions, or launch universal XSS attacks

One of the WebKit flaws (CVE-2019-6222) could allow malicious sites to access microphone of your #iOS device, without the "microphone-in-use" indicator being shown.

Apple also patches another critical flaw (CVE-2019-8553) in iOS that can be exploited by just convincing victims into clicking a malicious SMS link, leading to arbitrary code execution.

Read more: https://thehackernews.com/2019/03/ios-update-iphone-security.html

⚠️Breaking — Popular UC Browser contains a 'hidden,' 'potentially dangerous,' and insecure 'feature' (backdoor) that allows remote attackers to execute malicious code on Android smartphones, putting over 500 million of its users at risk

https://thehackernews.com/2019/03/uc-browser-android-hacking.html

Facebook introduces a new "Whitehat Settings" to help Bug Bounty hunters and hackers easily intercept network traffic (bypass Certificate Pinning) and find flaws in its Facebook, Messenger and Instagram mobile applications

https://thehackernews.com/2019/03/facebook-whitehat-setting-hackers.html

Elfin Cyber Espionage Hackers Group, aka APT 33, Targets Multiple Organisations in U.S. and Saudi Arabian

https://thehackernews.com/2019/03/apt33-cyber-espionage-hacking.html

Ex-NSA contractor Harold Thomas Martin III—who stole classified material over more than 20 years—has finally pleaded guilty to the federal charge of willful retention of national defense information

https://thehackernews.com/2019/03/nsa-classified-material.html

Advanced Breach Protection Demystified – Untold Truths On Security Beyond AV

https://thehackernews.com/2019/03/network-data-protection.html

Experts at Cynet are hosting a #webinar that will explain some significant inherent security gaps in EDR\EPP and Network Analytics you should know about.

Important — Critical Unauthenticated "SQL Injection" Flaw Discovered in Magento E-Commerce Platform

https://thehackernews.com/2019/03/magento-website-security.html

Online store owners are advised to immediately install the latest version of Magento to patch a total of 37 new #security vulnerabilities.

BREAKING — Here's the List of ~600 MAC Addresses Hackers Targeted in the Recent ShadowHammer ASUS Breach

https://thehackernews.com/2019/03/asus-hack-mac-addresses.html

📢 FireEye Releases "Commando VM"

It's a new #Windows-based virtual distribution for hackers and penetration testers that contains more than 400 pre-installed tools for testing and red teaming.

https://thehackernews.com/2019/03/windows-hacking-tools.html

CommandoVM is equipped with popular hacking tools like Nmap, Wireshark, Remote Server Administration Tools, Mimikatz, Burp-Suite, x64db, Metasploit, PowerSploit, Hashcat, and Owasp ZAP, pre-configured for a smooth working environment.

Exclusive—Researcher Discloses PoC for "Unpatched Zero-Day Flaws" Affecting Microsoft Edge and IE Browsers:

👉 https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html

Researcher discloses details 10-month after Microsoft allegedly failed to respond to his responsible disclosure.