'Exodus' Surveillance #Malware Found Targeting #iOS Users Using Apple's Enterprise Developer Program

https://thehackernews.com/2019/04/exodus-ios-malware.html

Researcher Reveals Multiple Flaws in Verizon Fios Wi-Fi Routers

https://thehackernews.com/2019/04/verizon-wifi-router-security.html

● CVE-2019-3914: Authenticated Command Injection (Root)
● CVE-2019-3915: Login Replay
● CVE-2019-3916: Password Salt disclosure

★ Firmware Patch + PoC Exploit Released

Adobe releases April 2019 security updates to patch a total of 40 vulnerabilities in Flash Player, Acrobat Reader, Shockwave, Other Products.

Read more >> https://thehackernews.com/2019/04/adobe-security-updates.html

Microsoft Patch Tuesday — April 2019 Updates Released

Latest Windows Update Patches 74 Security Flaws, Including 2 New EoP Zero-Days Already Being Exploited in the Wild

https://thehackernews.com/2019/04/microsoft-patch-updates.html

Researchers Unveil Sophisticated 'TajMahal' APT Malware Framework (80+ Modules) That Remained Undetected for 5 Years

https://thehackernews.com/2019/04/apt-malware-framework.html

🔥 BREAKING — Researchers find several vulnerabilities in the latest WPA3 WiFi security protocol that could allow attackers to hack WiFi passwords using password partitioning attacks

Read More https://thehackernews.com/2019/04/wpa3-hack-wifi-password.html

London Police Has Arrested WikiLeaks Founder "Julian Assange" After Ecuadorian Government Withdraws Asylum

https://thehackernews.com/2019/04/wikileaks-julian-assange-arrested.html

Watch Out! Popular VSDC video editing software website was HACKED (once again) for a month; hackers replaced software download links with the banking and password stealing malware

https://thehackernews.com/2019/04/free-video-editing-malware.html

Matrix—Open Source e2e Encrypted Messaging Project—Suffers Extensive Cyber Attack

https://thehackernews.com/2019/04/encrypted-messenger-cyberattack.html …

Hackers defaced Matrix's site, stole "unencrypted private messages, password hashes, access tokens," and GPG keys the project maintainers used for signing packages.

Hackers Compromised Credentials for Microsoft's Customer Support Panel and Used It to Access Information of Outlook Email Accounts for 3 Months

Read more — https://thehackernews.com/2019/04/microsoft-outlook-email-hack.html

Apache releases security important updates to patch a new Remote Code Execution flaw (CVE-2019-0232) in Apache Tomcat

https://thehackernews.com/2019/04/apache-tomcat-security-flaw.html

Google Helps Police Identify Devices Close to Crime Scenes Using its "SensorVault" Location History Database and Track Narrowed-Down Suspects or Witnesses.

https://thehackernews.com/2019/04/google-location-tracking.html

Researchers discover a new rapidly evolving, rootkit-enabled multifunctional spyware—dubbed SCRANOS—that can steal browser history, cookies, passwords and payment accounts from various services, inject ads, and download new payloads

Read: https://thehackernews.com/2019/04/scranos-rootkit-spyware.html

Google introduces plans to make it more tough for rogue/malware #Android app developers to get back on its Play Store.

https://thehackernews.com/2019/04/android-google-play-store.html

...apparently, a less painful, transparent, but strict and detailed app review process for 1st-time developers.

BREAKING — JustDial, India's Largest Local Search Service, Has Been Found Exposing Over 100 Million Users' Personal Data On the Internet.

https://thehackernews.com/2019/04/justdial-hacked-data-breach.html

Researcher took control over a Microsoft-owned subdomain—associated with its "Windows 8 Live Tiles" feature—by exploiting a weakness in Azure Cloud Service & used it to show how hackers could have pushed malicious content to Windows users

https://thehackernews.com/2019/04/subdomain-microsoft-azure.html

Drupal Releases Core CMS Updates to Patch Several "Moderately Critical" Security Vulnerabilities

https://thehackernews.com/2019/04/drupal-security-update.html

Remember when Facebook was recently caught asking its users for their emails' account passwords?

Facebook today admitted that it "unintentionally" used access to 1.5 million users' email accounts and collected their contacts without users' knowledge and consent.

Read more: https://thehackernews.com/2019/04/facebook-email-database.html

Facebook stored millions of Instagram users' passwords in plaintext, not for "tens of thousands" users, a quietly added update to the company's last month blog post revealed today.

https://thehackernews.com/2019/04/instagram-password-plaintext.html

A researcher found full Source Code for CARBANAK banking malware—yes, this time for real—and some of its previously unseen plugins on the VirusTotal that were uploaded two years ago but went unnoticed.

https://thehackernews.com/2019/04/carbanak-malware-source-code.html

by @security_wang

Watch out! Hackers have started exploiting two recently disclosed critical flaws in the 'Social Warfare' plugin for #WordPress.

https://thehackernews.com/2019/04/wordpress-plugin-hacking.html

Although a patched version is available for a month now, thousands of WordPress sites are still using an older version.