The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
China's border guards have been caught secretly installing a surveillance app—called Feng Cai (蜂采) or BXAQ—on tourists' phones that instantly extracts text messages, call records, contacts, and more, and also scans the device for 73,000 objected files

https://thehackernews.com/2019/07/xinjiang-fengcai-spyware.html
D-Link has agreed to implement a "comprehensive software security" program and undergo 10 years of biennial security audits to settle FTC charges over the security of its routers & IP cameras, and negligence in patching reported vulnerabilities

https://thehackernews.com/2019/07/ftc-d-link-router-security.html
23-Year-Old DDoS Attacker Who Ruined Gamers' Christmas Gets 27 Months in Prison

Read more — https://thehackernews.com/2019/07/christmas-ddos-attacks.html

He has also been ordered to pay $95,000 in damages to Daybreak Games, previously known as Sony Online Entertainment.
Beware ➤ 17-Year-Old weakness in Firefox browser could allow downloaded HTML files to access other sensitive files stored on a victim's computer and send data back to remote attackers.

https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html

Researcher successfully weaponized the issue and demonstrated PoC.
Official GitHub account of Canonical—the company behind Ubuntu Linux project—gets hacked.

Read more ➤ https://thehackernews.com/2019/07/canonical-ubuntu-github-hacked.html
British Airways Fined £183.39 Million Under #GDPR Over 2018 Data Breach

https://thehackernews.com/2019/07/british-airways-breach-gdpr-fine.html
BEWARE — If you use (popular) Zoom video conferencing software on your Mac computer, then any website you're visiting can turn on your WEBCAM without your permission.

Learn more ⮞ https://thehackernews.com/2019/07/webcam-hacking-video-conferencing.html

Details and PoC for a severe security flaw in Zoom app disclosed.
Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks

https://thehackernews.com/2019/07/astaroth-fileless-malware.html
Over 1,300 Android Apps Have Been Caught Using "Covert and Side-Channels" Techniques to Collect Your Data Even When You Deny Permissions, Including Device Location and Identifiers.

https://thehackernews.com/2019/07/android-permission-bypass.html
Severe Unpatched "Prototype Pollution" Vulnerability [CVE-2019-10744] Affects All Versions [Including Latest] of Popular Lodash Library

Details & PoC ➤ https://thehackernews.com/2019/07/lodash-prototype-pollution.html

Lodash is a highly popular JavaScript library used by more than 4 million projects on GitHub alone.
July 2019 Patch Tuesday—Microsoft Releases Latest Security Updates

6 Flaws were disclosed publicly
2 Flaws found being actively exploited in the wild

Read More:
https://thehackernews.com/2019/07/microsoft-security-updates.html
Adobe releases latest #security bulletins of July 2019 that include patches for:

Adobe Bridge CC
Adobe Experience Manager
Adobe Dreamweaver

No Flash Player
No Acrobat Reader
No Critical Flaws

Read more: https://blogs.adobe.com/psirt/?p=1765
Another Day, Another GDPR Fine

World's largest Hotel Chain "Marriott International" Faces $123 Million Fine Over Starwood #DataBreach That Exposed Personal Data of Nearly 339 Million Guests

https://thehackernews.com/2019/07/marriott-data-breach-gdpr.html

UK's ICO Recently Also Fined British Airways with £183 Million
😃 We've got some really exciting 🔥 news for you…

Hackers' 👩‍💻 Favorite Operating System Kali Linux Released for Raspberry Pi 4
Learn More ➤ https://thehackernews.com/2019/07/kali-linux-raspberry-pi-4.html
Researchers spotted new versions of the powerful government-grade surveillance malware — dubbed FinSpy — targeting iOS and Android users in Myanmar.

https://thehackernews.com/2019/07/finspy-spyware-android-ios.html
New ➤ In a massive supply-chain attack, Magecart credit-card hackers infected nearly 17,000 websites by modifying JavaScript files hosted on hundreds of misconfigured Amazon S3 Buckets.

Read: https://thehackernews.com/2019/07/magecart-amazon-s3-hacking.html
📢 Watch Out!

Researchers spotted a new malware that automatically replaces legitimate popular Android apps—WhatsApp, JioTV, AppLock, HotStar, Flipkart, Truecaller—installed on your device with modified malicious versions of them.

Learn more: https://thehackernews.com/2019/07/whatsapp-android-malware.html
Learn how using a Cybersecurity Framework can help your organization become more focused on protecting its critical assets.

https://thehackernews.com/2019/07/best-cybersecurity-frameworks.html
In case you missed it...

New ransomware targeting QNAP network-attached storage devices https://thehackernews.com/2019/07/ransomware-nas-devices.html

—Tips—

Use Strong Passwords
Enable Network Access Protection
Enable System Connection Logs
Disable Unrequired Services
Disable "Searchable"
Facebook to Pay Record $5 Billion Fine to Settle FTC’s Privacy Investigation Into Cambridge Analytica Scandal

Read More: https://thehackernews.com/2019/07/facebook-data-privacy-ftc.html
Mozilla releases Grizzly, a cross-platform browser fuzzing framework designed to allow fuzzer developers to focus solely on writing fuzzers and not worry about the overhead of creating tools and scripts

https://github.com/MozillaSecurity/grizzly

Linux, macOS and Windows are supported