Active since 2017, widespread Smominru botnet worm "indiscriminately" hacked over 90,000 Windows computers just last month (August 2019) and spreading rapidly at the rate of 4,700 new machines everyday.
Read — https://thehackernews.com/2019/09/smominru-botnet.html
Read — https://thehackernews.com/2019/09/smominru-botnet.html
Google has started rolling out Chrome 77.0.3865.90 update that patches 1 critical and 3 high-risk security vulnerabilities in the web browser—the most severe of which could allow remote hackers to take control of an affected system.
https://thehackernews.com/2019/09/google-chrome-update.html
So make sure you're running the latest version of Chrome on your Windows, Mac, and Linux systems.
https://thehackernews.com/2019/09/google-chrome-update.html
So make sure you're running the latest version of Chrome on your Windows, Mac, and Linux systems.
Two widely installed Adblocker extensions for Chrome, mimicking as—AdBlock and uBlock Origin—have been caught "stuffing cookies" into millions of web browsers to fraudulently generate affiliate income.
https://thehackernews.com/2019/09/browser-chrome-extension-adblock.html
https://thehackernews.com/2019/09/browser-chrome-extension-adblock.html
It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities:
➡️ CVE-2019-1367 — a critical IE zero-day under active attack.
➡️ CVE-2019-1255 — DoS flaw in Microsoft Defender.
Read details: https://thehackernews.com/2019/09/windows-update-zero-day.html
➡️ CVE-2019-1367 — a critical IE zero-day under active attack.
➡️ CVE-2019-1255 — DoS flaw in Microsoft Defender.
Read details: https://thehackernews.com/2019/09/windows-update-zero-day.html
Russian APT Map — Learn Who’s Who In Russian Ecosystem
https://thehackernews.com/2019/09/russia-hacking-groups-map.html
An open-source interactive visual map (with data) that reveals nearly 22,000 connections between 2000 malware samples, attributed to Russian hacking groups, based on 3.85 million pieces of code.
https://thehackernews.com/2019/09/russia-hacking-groups-map.html
An open-source interactive visual map (with data) that reveals nearly 22,000 connections between 2000 malware samples, attributed to Russian hacking groups, based on 3.85 million pieces of code.
A new 1-Click iPhone and Android mobile hacking campaign found targeting high-profile members of Tibetan groups via sending tailored malicious links via WhatsApp, designed to exploit browser vulnerabilities and stealthily install spyware.
https://thehackernews.com/2019/09/iphone-android-hacking-tibet.html
https://thehackernews.com/2019/09/iphone-android-hacking-tibet.html
Apple warns of an unpatched bug in the latest iOS 13 and iPadOS releases that could allow third-party keyboard apps to grant themselves “Full Access” permission — even when you deny it.
Read: https://thehackernews.com/2019/09/ios-13-keyboard-apps.html
Apple will fix in the upcoming iOS 13.2 update.
Read: https://thehackernews.com/2019/09/ios-13-keyboard-apps.html
Apple will fix in the upcoming iOS 13.2 update.
Microsoft Outlook on the Web is planning to ban 38 more potentially harmful file types (extensions) in e-mail attachments, including Python, PowerShell, Java and Digital Certificate files.
Details ➤ https://thehackernews.com/2019/09/email-attachment-malware.html
Details ➤ https://thehackernews.com/2019/09/email-attachment-malware.html
DoorDash got hacked!
The food-delivery service confirms a massive data breach that exposes personal data of almost 5 million people, including its customers, delivery workers and merchants.
Details ➤ https://thehackernews.com/2019/09/doordash-data-breach.html
Change your password now.
The food-delivery service confirms a massive data breach that exposes personal data of almost 5 million people, including its customers, delivery workers and merchants.
Details ➤ https://thehackernews.com/2019/09/doordash-data-breach.html
Change your password now.
⚡This is HUGE!
Hacker releases "permanent unpatchable" bootrom jailbreak exploit for all iOS Devices—from iPhone 4s to iPhone X, running on A5 to A11 chips.
Read details ➤ https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html
Hacker releases "permanent unpatchable" bootrom jailbreak exploit for all iOS Devices—from iPhone 4s to iPhone X, running on A5 to A11 chips.
Read details ➤ https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html
🔥 Microsoft warns of a new, rare piece of Node.js-based fileless malware — Nodersok — that leverages legitimate built-in system utilities and trusted third-party tools to fly under the radar, while turning infected machines into zombie proxies.
https://thehackernews.com/2019/09/windows-fileless-malware-attack.html
https://thehackernews.com/2019/09/windows-fileless-malware-attack.html
🔥 Important — More SIM cards are vulnerable to Simjacker attacks than previously disclosed
Details ➤ https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html
Turns out the S@T Browser is not the only dynamic SIM toolkit that could allow remote attackers to compromise phones just by sending SMS.
Details ➤ https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html
Turns out the S@T Browser is not the only dynamic SIM toolkit that could allow remote attackers to compromise phones just by sending SMS.
🔥 Exclusive
Hacker steals over 218 million Zynga’s — Words with Friends — game players' login information, including email IDs and passwords.
https://thehackernews.com/2019/09/zynga-game-hacking.html
Zynga admitted the breach, revealing it also exposed data for another popular game “Draw Something” as well.
Hacker steals over 218 million Zynga’s — Words with Friends — game players' login information, including email IDs and passwords.
https://thehackernews.com/2019/09/zynga-game-hacking.html
Zynga admitted the breach, revealing it also exposed data for another popular game “Draw Something” as well.
👉 CVE-2019-16928
New Critical Exim Vulnerability Exposes Email Servers to Remote Attacks, Potentially Leading to Remote Code Execution (RCE).
Details ➤ https://thehackernews.com/2019/09/exim-email-security-vulnerability.html
Exim Version 4.92.3 Released With Patches. Update Now!
New Critical Exim Vulnerability Exposes Email Servers to Remote Attacks, Potentially Leading to Remote Code Execution (RCE).
Details ➤ https://thehackernews.com/2019/09/exim-email-security-vulnerability.html
Exim Version 4.92.3 Released With Patches. Update Now!
eGobblers Are Back!
Over a Billion Malicious Ad Impressions Exploit a New WebKit Vulnerability to Target Apple Users
Details: https://thehackernews.com/2019/10/malvertising-webkit-hacking.html
Over a Billion Malicious Ad Impressions Exploit a New WebKit Vulnerability to Target Apple Users
Details: https://thehackernews.com/2019/10/malvertising-webkit-hacking.html
⚡🔒📖 PDFex Attacks
Researchers find a new and novel set of hacks to remotely exfiltrate and read the entire content of a password protected or encrypted PDF file without knowing the actual password.
Read Details (PoC Released) — https://thehackernews.com/2019/10/pdf-password-encryption-hacking.html
Popular PDF viewers found vulnerable, including Adobe Acrobat, Foxit, Okular, Nitro Reader and more, as well as those come built-into web Chrome, Firefox and Safari browsers.
Researchers find a new and novel set of hacks to remotely exfiltrate and read the entire content of a password protected or encrypted PDF file without knowing the actual password.
Read Details (PoC Released) — https://thehackernews.com/2019/10/pdf-password-encryption-hacking.html
Popular PDF viewers found vulnerable, including Adobe Acrobat, Foxit, Okular, Nitro Reader and more, as well as those come built-into web Chrome, Firefox and Safari browsers.
Former Yahoo employee admits hacking into over 6000 users' accounts, mostly of younger women, to find sexual images & videos.
https://thehackernews.com/2019/10/yahoo-email-hacking.html
He then also hacked into their iCloud, Gmail, Facebook & other email-connected accounts in search of more private content.
https://thehackernews.com/2019/10/yahoo-email-hacking.html
He then also hacked into their iCloud, Gmail, Facebook & other email-connected accounts in search of more private content.
{New} Monitoring 7-month long campaign exposes how Chinese hackers are putting a lot of effort, time and research into continually updating its tactics, techniques and procedures and successfully targeting foreign government organizations.
Read: https://thehackernews.com/2019/10/chinese-hackers-phishing.html
Read: https://thehackernews.com/2019/10/chinese-hackers-phishing.html
🔥 WhatsApp RCE (CVE-2019-11932)
Just sending a GIF via #WhatsApp could have hacked your Android phone.
Details ➤ https://thehackernews.com/2019/10/whatsapp-rce-vulnerability.html
Vietnamese researcher found a critical flaw that enabled attackers to remotely take control over devices, and steal files and messages.
Just sending a GIF via #WhatsApp could have hacked your Android phone.
Details ➤ https://thehackernews.com/2019/10/whatsapp-rce-vulnerability.html
Vietnamese researcher found a critical flaw that enabled attackers to remotely take control over devices, and steal files and messages.
👍1
Google researcher reveals a new Android 0-day flaw that’s being exploited in the wild.
https://thehackernews.com/2019/10/android-kernel-vulnerability.html
The unpatched flaw potentially affects most devices manufactured before April 2018, including popular handsets from Samsung, Huawei, Oppo, Xiaomi, and Pixel 1 & 2.
https://thehackernews.com/2019/10/android-kernel-vulnerability.html
The unpatched flaw potentially affects most devices manufactured before April 2018, including popular handsets from Samsung, Huawei, Oppo, Xiaomi, and Pixel 1 & 2.
🔥 New — A bug in Signal messenger app for Android could allow callers to auto-connect audio calls without receivers' interaction and listen to all conversations surrounding the targeted phones.
Details ➤ https://thehackernews.com/2019/10/signal-messenger-bug.html
Details ➤ https://thehackernews.com/2019/10/signal-messenger-bug.html