The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
Woman accused of “Capital One” data breach has also been charged with hacking another 30 companies and using their servers to mine cryptocurrency.

https://thehackernews.com/2019/08/paige-thompson-capital-one.html

If convicted, she could face up to 25 years in prison.
📢 Google just made 2 major announcements for its Bug Bounty Programs:

1.) Google will now reward anyone who reports data abuse issues in Android apps, OAuth projects, and #Chrome extensions.

2.) Google Play Store vulnerability reward program now includes all popular Android apps with over 100 million installations.

Details ➤ https://thehackernews.com/2019/08/google-data-abuse-bug-bounty.html
Beware iPhone Users!

Google uncovers how just visiting some sites remotely HACKED thousands of iPhones 'indiscriminately' to install spyware.

Read ➤ https://thehackernews.com/2019/08/hacking-iphone-ios-exploits.html

With 5 iOS exploit chains, this campaign used a total of 14 vulnerabilities for at least 2 years.
This week in ironic news:

Ransomware malware hits DDS Safe, an online data backup service that hundreds of dental practice offices across the United States are using to safeguard patients’ medical records and other information from ransomware attacks.

https://thehackernews.com/2019/08/dds-safe-dental-ransomware-attack.html
ZAO—Chinese AI-Based #Deepfake Face Swapping App—Sparks Privacy Concerns After Going Crazily 🔥 Viral Over This Weekend

Details ➤ https://thehackernews.com/2019/09/face-swapping-deepfake-zao.html
USBAnywhere — Newly Discovered BMC Vulnerabilities Exposed Thousands of Supermicro Servers to Remote USB-Attacks

Details ➤ https://thehackernews.com/2019/09/hacking-bmc-server.html
XKCD Gets Hacked

The forum site of XKCD — one of the most popular webcomics platforms known for its geeky tech humor and science-laden comic strips — has suffered a data breach exposing account details of over 562,000 users.

Read: https://thehackernews.com/2019/09/xkcd-forum-hacked.html
Price for Android “zero-day exploit” suddenly jumps up to $2.5 million–higher than ever and also more than a similar full-chain, zero-click exploit for iOS with persistence.

https://thehackernews.com/2019/09/android-full-chain-zero-day-exploit.html

🤔 High demand or is hacking Android phones somehow getting tougher?
Starting with the latest Firefox 69 released yesterday, #Firefox will now automatically block third-party tracking cookies and #cryptocurrency mining scripts by default for all users.

Details: https://thehackernews.com/2019/09/firefox-tracking-cookies-cryptominers.html
Experts Warn → A flaw in modern #Android-based smartphones (Samsung, LG, Huawei, LG) could let remote attackers access all your emails and other insecurely communicated web content with an advanced SMS-based phishing attack.

Details ➤ https://thehackernews.com/2019/09/just-sms-could-let-remote-attackers.html
Twitter "temporarily" disables a feature—called Tweeting via SMS—which recently helped hackers post a series of racist and offensive tweets from the account of #Twitter CEO Jack Dorsey.

Details ➤ https://thehackernews.com/2019/09/tweet-via-sms-text-message-hacking.html
Google has finally agreed to pay $170 million fine to settle allegations that its 'YouTube for Kids' service earned millions by illegally harvesting personal information from children without their parents’ consent.

Read more — https://thehackernews.com/2019/09/youtube-kids-privacy-fine.html
The tech intended to ensure the security of your kids could inadvertently expose them to stalkers.

Researchers discover security flaws in widely used GPS tracking devices that could expose real-time location of over 600,000 users to remote attackers.

https://thehackernews.com/2019/09/gps-tracking-device-for-kids.html
Do you Speak PHP?

Latest versions of PHP programming language (7.3.9, 7.2.22 and 7.1.32) contain patches for some high-severity vulnerabilities, most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers.

https://thehackernews.com/2019/09/php-programming-language.html
🔥 Heads Up!

A new Exim TLS vulnerability (CVE-2019-15846) opens at least over half-a-million email servers to remote "root" code execution attacks.

Read details ➤ https://thehackernews.com/2019/09/exim-email-server-vulnerability.html

Exim project releases version 4.92.2 to patch the issue.
A Summer of Discontent—The Hottest Malware Hits

Here's a recap of the most burning malware strains and trends seen in the wild during the months of July and August 2019.

Read ➤ https://thehackernews.com/2019/09/its-been-summer-of-ransomware-hold-ups.html
Facebook patches two 'memory disclosure' vulnerabilities (CVE-2019-11925 and CVE-2019-11926) in its servers running open-source HHVM, which could have been exploited by uploading maliciously constructed JPEG image files.

Read — https://thehackernews.com/2019/09/facebook-hhvm-vulnerability.html

New HHVM versions released
A newly discovered backdoor malware—linked to Stealth Falcon state-sponsored cyber-espionage group—uses Windows built-in BITS protocol to stealthily communicate and exfiltrate data to its remote C&C servers.

https://thehackernews.com/2019/09/stealthfalcon-virus-windows-bits.html
It's Patch Tuesday!

Adobe releases security updates that patch 2 critical vulnerabilities in #Adobe Flash Player and an important arbitrary code execution flaw in Adobe Application Manager (AAM).

https://thehackernews.com/2019/09/adobe-security-updates.html
New Vulnerabilities — Some D-Link WiFi Router and Comba Access Controller models leak their administrative panel passwords in plaintext

Details: https://thehackernews.com/2019/09/router-password-hacking.html
Windows Users, Get Your CAPS ON!

Microsoft Releases—September 2019 Patch Tuesday—Updates to Patch 17 Critical (and Other Important) Flaws in its Software, of Which 4 RCE Vulnerabilities Affect Windows RDP Client.

Details ➤ https://thehackernews.com/2019/09/microsoft-windows-update.html