Official GitHub account of Canonical—the company behind the Ubuntu Linux project—gets hacked.
Read more ➤ https://thehackernews.com/2019/07/canonical-ubuntu-github-hacked.html
British Airways Fined £183.39 Million Under #GDPR Over 2018 Data Breach
https://thehackernews.com/2019/07/british-airways-breach-gdpr-fine.html
BEWARE — If you use (popular) Zoom video conferencing software on your Mac computer, then any website you're visiting can turn on your WEBCAM without your permission.
Learn more ⮞ https://thehackernews.com/2019/07/webcam-hacking-video-conferencing.html
Details and PoC for a severe security flaw in Zoom app disclosed.
Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks
https://thehackernews.com/2019/07/astaroth-fileless-malware.html
Over 1,300 Android Apps Have Been Caught Using "Covert and Side-Channels" Techniques to Collect Your Data Even When You Deny Permissions, Including Device Location and Identifiers.
https://thehackernews.com/2019/07/android-permission-bypass.html
Severe Unpatched "Prototype Pollution" Vulnerability [CVE-2019-10744] Affects All Versions [Including Latest] of Popular Lodash Library
Details & PoC ➤ https://thehackernews.com/2019/07/lodash-prototype-pollution.html
Lodash is a highly popular JavaScript library used by more than 4 million projects on GitHub alone.
July 2019 Patch Tuesday—Microsoft Releases Latest Security Updates
✅ 6 Flaws were disclosed publicly
✅ 2 Flaws found being actively exploited in the wild
Read More:
https://thehackernews.com/2019/07/microsoft-security-updates.html
Adobe releases its latest #security bulletins for July 2019, which include patches for:
✅ Adobe Bridge CC
✅ Adobe Experience Manager
✅ Adobe Dreamweaver
❌ No Flash Player
❌ No Acrobat Reader
❌ No Critical Flaws
Read more: https://blogs.adobe.com/psirt/?p=1765
Another Day, Another GDPR Fine
World's largest Hotel Chain "Marriott International" Faces $123 Million Fine Over Starwood #DataBreach That Exposed Personal Data of Nearly 339 Million Guests
https://thehackernews.com/2019/07/marriott-data-breach-gdpr.html
UK's ICO Recently Also Fined British Airways with £183 Million
😃 We've got some really exciting 🔥 news for you…
Hackers' 👩💻 Favorite Operating System Kali Linux Released for Raspberry Pi 4
Learn More ➤ https://thehackernews.com/2019/07/kali-linux-raspberry-pi-4.html
Researchers spotted new versions of the powerful government-grade surveillance malware — dubbed FinSpy — targeting iOS and Android users in Myanmar.
https://thehackernews.com/2019/07/finspy-spyware-android-ios.html
New ➤ In a massive supply-chain attack, Magecart credit-card hackers infected nearly 17,000 websites by modifying JavaScript files hosted on hundreds of misconfigured Amazon S3 Buckets.
Read: https://thehackernews.com/2019/07/magecart-amazon-s3-hacking.html
📢 Watch Out!
Researchers spotted new malware that automatically replaces legitimate popular Android apps—WhatsApp, JioTV, AppLock, HotStar, Flipkart, Truecaller—installed on your device with modified malicious versions of them.
Learn more: https://thehackernews.com/2019/07/whatsapp-android-malware.html
Learn how using a cybersecurity framework can help your organization become more focused on protecting its critical assets.
https://thehackernews.com/2019/07/best-cybersecurity-frameworks.html
In case you missed it...
New ransomware targeting QNAP network-attached storage devices https://thehackernews.com/2019/07/ransomware-nas-devices.html
—Tips—
✅ Use Strong Passwords
✅ Enable Network Access Protection
✅ Enable System Connection Logs
✅ Disable Unrequired Services
✅ Disable "Searchable"
Facebook to Pay Record $5 Billion Fine to Settle FTC’s Privacy Investigation Into Cambridge Analytica Scandal
Read More: https://thehackernews.com/2019/07/facebook-data-privacy-ftc.html
Mozilla releases Grizzly, a cross-platform browser fuzzing framework designed to allow fuzzer developers to focus solely on writing fuzzers and not worry about the overhead of creating tools and scripts
https://github.com/MozillaSecurity/grizzly
Linux, macOS and Windows are supported
📢 PoC Confirmed : CVE-2019-13567
Besides the video privacy bug disclosed earlier this week, insecure local web-server installed by Zoom software also left Mac computers vulnerable to a critical Remote Code Execution (RCE) flaw
Read ➤ https://thehackernews.com/2019/07/zoom-video-conferencing-hacking.html
—by @unix_root
😱 This vulnerability could have allowed hackers to hack any Instagram account within 10 minutes—no user interaction required.
https://thehackernews.com/2019/07/hack-instagram-accounts.html
Facebook rewarded researcher with $30,000 bug bounty for helping it find and fix this critical loophole.
Interesting Attack Scenario:
Researchers explain how iOS "URL Scheme" could allow app-in-the-middle attackers to steal secret login-tokens from your social accounts, trigger unauthorized payments, or perform other actions.
Learn More ➤ https://thehackernews.com/2019/07/ios-custom-url-scheme.html
Not Just Zoom video conferencing software… its popular white-labelled rebranded versions — RingCentral and Zhumu — also install a hidden local web-server on macOS systems, and are also vulnerable to RCE and WebCam privacy flaws
https://thehackernews.com/2019/07/zoom-ringcentral-vulnerabilities.html
PoC Video Released