Facebook patches two 'memory disclosure' vulnerabilities (CVE-2019-11925 and CVE-2019-11926) in its servers running open-source HHVM, which could have been exploited by uploading maliciously constructed JPEG image files.
Read — https://thehackernews.com/2019/09/facebook-hhvm-vulnerability.html
New HHVM versions released
A newly discovered backdoor malware—linked to Stealth Falcon state-sponsored cyber-espionage group—uses Windows built-in BITS protocol to stealthily communicate and exfiltrate data to its remote C&C servers.
https://thehackernews.com/2019/09/stealthfalcon-virus-windows-bits.html
It's Patch Tuesday!
Adobe releases security updates that patch 2 critical vulnerabilities in #Adobe Flash Player and an important arbitrary code execution flaw in Adobe Application Manager (AAM).
https://thehackernews.com/2019/09/adobe-security-updates.html
New Vulnerabilities — Some D-Link WiFi Router and Comba Access Controller models leak their administrative panel passwords in plaintext
Details: https://thehackernews.com/2019/09/router-password-hacking.html
Windows Users, Get Your CAPS ON!
Microsoft Releases—September 2019 Patch Tuesday—Updates to Patch 17 Critical (and Other Important) Flaws in its Software, of Which 4 RCE Vulnerabilities Affect Windows RDP Client.
Details ➤ https://thehackernews.com/2019/09/microsoft-windows-update.html
Operation reWired — Hundreds of email scammers arrested in Nigeria and the United States as part of a joint Law Enforcement effort to disrupt a massive multi-billion dollar scheme.
Details: https://thehackernews.com/2019/09/nigerian-bec-scams-arrested.html
Google to experiment with the 'DNS over HTTPS' (DoH) privacy feature in its upcoming Chrome 78 release.
Details — https://thehackernews.com/2019/09/chrome-dns-over-https.html
Unlike Firefox, Chrome’s implementation will enable DoH only when the user’s current DNS provider is among a list of DoH-compatible providers.
🐱 NetCAT Attack
Cybersecurity researchers demonstrate a new side-channel vulnerability that could allow network-based hackers to remotely steal sensitive data from modern Intel CPUs solely by sending specially crafted network packets.
Details ➤ https://thehackernews.com/2019/09/netcat-intel-side-channel.html
💥 SimJacker Vulnerability (0-day under active attack)
A new SIM card-based flaw could allow remote attackers to hijack and spy on any phone just by sending an SMS – regardless of which handset the victim is using.
Read details — https://thehackernews.com/2019/09/simjacker-mobile-hacking.html
What’s more worrisome?
According to researchers, a specific private company that works with governments has been actively exploiting the SimJacker vulnerability for at least 2 years to conduct targeted surveillance on mobile phone users across several countries.
😬 Yikes!
iOS 13 will be released to the public next week—but with an iPhone lockscreen bypass vulnerability that Apple left unpatched even after the bug was reported privately 2 months ago.
Learn how it works ➤ https://thehackernews.com/2019/09/ios-13-lockscreen-bypass.html
Over 120 new high-severity vulnerabilities discovered in routers (business, industrial and home) and NAS devices from popular brands—including ASUS, Seagate, QNAP, Lenovo, Netgear, Xiaomi and many others.
Read details here: https://thehackernews.com/2019/09/hacking-soho-routers.html
Be careful, It’s unpatched!
Turns out the 'Delete for Everyone' feature in WhatsApp doesn’t actually delete sent pictures/videos from recipients’ iPhones (with default settings), leaving millions of non-iOS users with a false sense of privacy.
Details ➤ https://thehackernews.com/2019/09/whatsapp-delete-for-everyone-privacy.html
Warning — Thousands of Google Calendars are, intentionally or unintentionally, leaking private information quietly on the Internet, allowing anyone to not only access sensitive details but also add new events with maliciously crafted info & links.
https://thehackernews.com/2019/09/google-calendar-search.html
BREAKING
United States today filed a lawsuit against Edward Snowden and you would be surprised to know WHY...
Read here ➤ https://thehackernews.com/2019/09/edward-snowden-lawsuit.html
Active since 2017, the widespread Smominru botnet worm "indiscriminately" hacked over 90,000 Windows computers just last month (August 2019) and is spreading rapidly at the rate of 4,700 new machines every day.
Read — https://thehackernews.com/2019/09/smominru-botnet.html
Google has started rolling out Chrome 77.0.3865.90 update that patches 1 critical and 3 high-risk security vulnerabilities in the web browser—the most severe of which could allow remote hackers to take control of an affected system.
https://thehackernews.com/2019/09/google-chrome-update.html
So make sure you're running the latest version of Chrome on your Windows, Mac, and Linux systems.
Two widely installed ad blocker extensions for Chrome, mimicking AdBlock and uBlock Origin, have been caught "stuffing cookies" into millions of web browsers to fraudulently generate affiliate income.
https://thehackernews.com/2019/09/browser-chrome-extension-adblock.html
It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities:
➡️ CVE-2019-1367 — a critical IE zero-day under active attack.
➡️ CVE-2019-1255 — DoS flaw in Microsoft Defender.
Read details: https://thehackernews.com/2019/09/windows-update-zero-day.html
Russian APT Map — Learn Who’s Who In Russian Ecosystem
https://thehackernews.com/2019/09/russia-hacking-groups-map.html
An open-source interactive visual map (with data) that reveals nearly 22,000 connections between 2000 malware samples, attributed to Russian hacking groups, based on 3.85 million pieces of code.
A new 1-click iPhone and Android mobile hacking campaign has been found targeting high-profile members of Tibetan groups by sending tailored malicious links via WhatsApp, designed to exploit browser vulnerabilities and stealthily install spyware.
https://thehackernews.com/2019/09/iphone-android-hacking-tibet.html
Apple warns of an unpatched bug in the latest iOS 13 and iPadOS releases that could allow third-party keyboard apps to grant themselves “Full Access” permission — even when you deny it.
Read: https://thehackernews.com/2019/09/ios-13-keyboard-apps.html
Apple will fix it in the upcoming iOS 13.2 update.