⚠️ Unpatched / 0-Day

A new flaw in KDE Plasma could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a targeted Linux desktop—without even requiring victim to actually open it.

https://thehackernews.com/2019/08/kde-desktop-linux-vulnerability.html

PoC videos & exploit code released

Someone is reportedly leaking KYC data of #Binance users online and blackmailing the #cryptocurrency exchange to pay 300 Bitcoins (~$3.5 million).



https://thehackernews.com/2019/08/binance-kyc-data-leak.html



Binance is investigating the incident & offering $290,000 bounty to provide identity of the blackmailer.

New high-risk flaws in over 40 hardware drivers (from at least 20 vendors) could let attackers gain most privileged permission on your Windows computer and install persistent backdoors.

Read: https://thehackernews.com/2019/08/windows-driver-vulnerability.html

Affected vendors include ASUS, Toshiba, Intel, NVIDIA & Huawei

🔐 Your Precious Memories Can Get Locked!

Canon’s EOS-series 📷 DSLR and PowerShot cameras are vulnerable to multiple vulnerabilities that could allow hackers to compromise your camera and deploy ransomware remotely.

Read ➤ https://thehackernews.com/2019/08/dslr-camera-hacking.html

☝️Watch video demonstration

Forget Passwords! Here's a fastest way to “Verify It's You”

Chrome for Android users can now securely log-in to certain Google services using their FINGERPRINT👍or other device unlock methods, including pins, pattern or password

Learn more ➤ https://thehackernews.com/2019/08/android-local-user-verification.html

Epic Games Hit With Class-Action Lawsuit Over Hacked 'Fortnite' Accounts
.

https://thehackernews.com/2019/08/epic-games-fortnite-lawsuit.html

On the behalf of over 100 affected users, #lawsuit accuses the company of failing to maintain adequate security measures and notify users of the #security breach in a timely manner.

Cerberus — A New Android “Banking Malware for Rent” Emerges Online

https://thehackernews.com/2019/08/cerberus-android-banking-trojan.html

🔥 Breaking: Google researcher discloses 20-year-old 'unpatched' vulnerabilities affecting all versions of Microsoft Windows—from XP to the latest Windows 10.

Details ➤ https://thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html

It could allow attackers to gain SYSTEM privileges on a targeted PC.

⚡HTTP/2 DoS Attacks

Various widely-used implementations of HTTP/2 protocol have been found vulnerable to multiple denial-of-Service (DoS) vulnerabilities, allowing attackers to easily knock websites running over vulnerable servers OFFLINE.

Details ➤ https://thehackernews.com/2019/08/http2-dos-vulnerability.html

🔥 CVE-2019-9506

A new Bluetooth 'Encryption Key Negotiation' vulnerability lets attackers hijack and spy on encrypted connections.

Read: https://thehackernews.com/2019/08/bluetooth-knob-vulnerability.html

The flaw affects a wide-range of Bluetooth-enabled devices including smartphones, laptops, IoTs, and industrial devices.

A privacy flaw in Kaspersky antivirus products by-default exposed its users to cross-site online tracking—even in incognito mode.

https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html

The 4-year-old flaw, CVE-2019-8286, could have allowed online trackers to identify you without even using browser cookies.

This new smartphone app—called "Bluetana"—can quickly detect hidden Bluetooth-enabled #CreditCard skimmers at Gas Pumps and ATMs

https://thehackernews.com/2019/08/credit-card-skimmer-detector.html

Researchers bypass security patches for two severe vulnerabilities that "LibreOffice" attempted to patch in its software with earlier updates.

Read this ➤ https://thehackernews.com/2019/08/libreoffice-patch-update.html

Update LibreOffice (Windows, Linux and macOS) to version 6.2.6/6.3.0 to patch them again.

The European Central Bank (ECB) Shuts Down Its 'BIRD Portal' After Getting Hacked

https://thehackernews.com/2019/08/european-central-bank-hack.html

Watch Out, SysAdmins!

Someone planned an RCE backdoor in Webmin (versions 1.882 through 1.921)—a popular open source, web-based cPanel type utility for Linux/Unix servers—that remained hidden for over a year, allowing unauthenticated remote attackers to execute arbitrary commands with root privileges on affected servers

https://thehackernews.com/2019/08/webmin-vulnerability-hacking.html

⚡ Fully working jailbreak released for the latest iOS 12.4 — thanks to Apple who "accidentally unpatches" an old vulnerability (CVE-2019-8605) that it patched previously in iOS 12.3.

Details ➤ https://thehackernews.com/2019/08/ios-iphone-jailbreak.html

It works on updated iPhone, iPad and iPod touch devices.

👨‍🔧 Off-Facebook Activity

Facebook releases a new privacy tool that lets its users view & simply dissociate their Facebook identity from the data 3rd-party websites & apps share with the company through online tracking tools.

Read details ➤ https://thehackernews.com/2019/08/clear-off-facebook-activity.html

Google and Mozilla finally today blocked the Kazakhstan’s government-issued root CA certificate in Chrome and Firefox web browsers to prevent the government from intercepting HTTPS connections and spying on its citizens' online activities.

https://thehackernews.com/2019/08/kazakhstan-root-certificate.html

🔥 Privacy Sandbox

Google announces a new initiative to develop a set of open standards that fundamentally enhances privacy on the web, while continuing to support a free, open and democratic Internet through targeted online advertisements.

https://thehackernews.com/2019/08/google-privacy-sandbox-ads.html

Hostinger—Popular Web Hosting Provider— Suffers Data Breach; Resets Password For 14 Million Customers

Read ➤ https://thehackernews.com/2019/08/web-hosting-hostinger-breach.html

Binance, one of the world's largest cryptocurrency exchanges, confirms the "blackmailing hacker" obtained some of its users’ KYC data from a 3rd-party vendor.

Details ➤ https://thehackernews.com/2019/08/binance-kyc-data-leak_26.html