🔥 WhatsApp RCE (CVE-2019-11932)
Just sending a GIF via #WhatsApp could have hacked your Android phone.
Details ➤ https://thehackernews.com/2019/10/whatsapp-rce-vulnerability.html
Vietnamese researcher found a critical flaw that enabled attackers to remotely take control over devices, and steal files and messages.
Just sending a GIF via #WhatsApp could have hacked your Android phone.
Details ➤ https://thehackernews.com/2019/10/whatsapp-rce-vulnerability.html
Vietnamese researcher found a critical flaw that enabled attackers to remotely take control over devices, and steal files and messages.
👍1
Google researcher reveals a new Android 0-day flaw that’s being exploited in the wild.
https://thehackernews.com/2019/10/android-kernel-vulnerability.html
The unpatched flaw potentially affects most devices manufactured before April 2018, including popular handsets from Samsung, Huawei, Oppo, Xiaomi, and Pixel 1 & 2.
https://thehackernews.com/2019/10/android-kernel-vulnerability.html
The unpatched flaw potentially affects most devices manufactured before April 2018, including popular handsets from Samsung, Huawei, Oppo, Xiaomi, and Pixel 1 & 2.
🔥 New — A bug in Signal messenger app for Android could allow callers to auto-connect audio calls without receivers' interaction and listen to all conversations surrounding the targeted phones.
Details ➤ https://thehackernews.com/2019/10/signal-messenger-bug.html
Details ➤ https://thehackernews.com/2019/10/signal-messenger-bug.html
Tech in Political Tug-of-War ...
Adobe bans Venezuela and cancels subscriptions (without offering refunds) for all of its customers in the Latin American country to comply with economic sanctions imposed by the Trump Administration.
Read: https://thehackernews.com/2019/10/adobe-venezuela-sanctions.html
Adobe bans Venezuela and cancels subscriptions (without offering refunds) for all of its customers in the Latin American country to comply with economic sanctions imposed by the Trump Administration.
Read: https://thehackernews.com/2019/10/adobe-venezuela-sanctions.html
If you haven't heard this...
vBulletin releases patch update for its forum software to fix new high-severity RCE and SQLi vulnerabilities.
Details and PoC ➤ https://thehackernews.com/2019/10/vBulletin-hacking-exploit.html
Tracked as — CVE-2019-17132 and CVE-2019-17271
Affected Versions — 5.5.4 and prior.
vBulletin releases patch update for its forum software to fix new high-severity RCE and SQLi vulnerabilities.
Details and PoC ➤ https://thehackernews.com/2019/10/vBulletin-hacking-exploit.html
Tracked as — CVE-2019-17132 and CVE-2019-17271
Affected Versions — 5.5.4 and prior.
You Gave Your Phone Number to Twitter for 2-Factor Protection and Twitter Used it for Targeted Ads — Accidentally!
Read Details: https://thehackernews.com/2019/10/twitter-advertising-privacy.html
Read Details: https://thehackernews.com/2019/10/twitter-advertising-privacy.html
7-year-old critical RCE vulnerability found in the popular iTerm2 macOS terminal app
https://thehackernews.com/2019/10/iterm2-macos-terminal-rce.html
Tracked as CVE-2019-9535, the flaw was discovered as part of a security audit funded by Mozilla Open Source Support Program.
https://thehackernews.com/2019/10/iterm2-macos-terminal-rce.html
Tracked as CVE-2019-9535, the flaw was discovered as part of a security audit funded by Mozilla Open Source Support Program.
A zero-day vulnerability in Apple's Bonjour app—which comes bundled with iTunes or iCloud for Windows—found actively being exploited in the wild by cybercriminals to evade antivirus detection and infect PCs with BitPaymer ransomware.
Read: https://thehackernews.com/2019/10/apple-bonjour-ransomware.html
Read: https://thehackernews.com/2019/10/apple-bonjour-ransomware.html
UNIX Co-Founder Ken Thompson's 39-Years-Old BSD Password Has Finally Been Cracked.
Any Guesses? HINT is in the picture.
Read ➤ https://thehackernews.com/2019/10/unix-bsd-password-cracked.html
Passwords of over 20 other Unix luminaries—including Dennis Ritchie, Stephen R. Bourne & Eric Schmidt—have also been cracked.
Any Guesses? HINT is in the picture.
Read ➤ https://thehackernews.com/2019/10/unix-bsd-password-cracked.html
Passwords of over 20 other Unix luminaries—including Dennis Ritchie, Stephen R. Bourne & Eric Schmidt—have also been cracked.
Simjacker Flaw — Millions of active SIM cards in at least 29 countries (issued by a total of 61 operators) are vulnerable to remote hacking.
Read details ➤ https://thehackernews.com/2019/10/simjacker-vulnerability-exploit.html
Nearly 25,000 malicious messages were sent to 1500 unique devices in a period of 31 days only.
Read details ➤ https://thehackernews.com/2019/10/simjacker-vulnerability-exploit.html
Nearly 25,000 malicious messages were sent to 1500 unique devices in a period of 31 days only.
🔥 CVE-2019-14287
A flaw in Sudo—that comes installed on almost every Linux OS—could let users run commands as "root" even when they're restricted.
Details ➤ https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
How? Just by specifying user ID "-1" or "4294967295" in the command instead of the root.
A flaw in Sudo—that comes installed on almost every Linux OS—could let users run commands as "root" even when they're restricted.
Details ➤ https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
How? Just by specifying user ID "-1" or "4294967295" in the command instead of the root.
Firefox blocks inline and eval() JavaScript execution for all internal browser interfaces (about: pages) to prevent injection attacks, which otherwise, in the case of a flaw, could allow attackers to execute code on behalf of users.
https://thehackernews.com/2019/10/firefox-javascript-injection.html
https://thehackernews.com/2019/10/firefox-javascript-injection.html
Not a Patch Tuesday!
Adobe just releases out-of-band security patches for a total of 82 vulnerabilities in various products, 45 of which are rated CRITICAL and all of them affect Adobe Acrobat and Reader software for macOS and Windows.
Read ➤ https://thehackernews.com/2019/10/adobe-software-patches.html
Adobe just releases out-of-band security patches for a total of 82 vulnerabilities in various products, 45 of which are rated CRITICAL and all of them affect Adobe Acrobat and Reader software for macOS and Windows.
Read ➤ https://thehackernews.com/2019/10/adobe-software-patches.html
An appreciative move by Facebook to reduce communication gap b/w researchers and developers 👏
➤ Hey Hackers, Facebook will now pay bounty for reporting flaws in 3rd-party apps.
➤ Hey Developer, hear this out again, Facebook is ready to pay bounty for its own pocket if you can at least have a proper vulnerability disclosure program.
Read more: https://thehackernews.com/2019/10/facebook-apps-bug-bounty.html
➤ Hey Hackers, Facebook will now pay bounty for reporting flaws in 3rd-party apps.
➤ Hey Developer, hear this out again, Facebook is ready to pay bounty for its own pocket if you can at least have a proper vulnerability disclosure program.
Read more: https://thehackernews.com/2019/10/facebook-apps-bug-bounty.html
Decade-old Phorpiex malware botnet—that currently controls over 450,000 computers worldwide—recently shifted its operations to send out millions of Sextortion emails {@ 30,000 emails/hour} using hacked computers as proxies.
https://thehackernews.com/2019/10/phorpiex-botnet-sextortion-emails.html
https://thehackernews.com/2019/10/phorpiex-botnet-sextortion-emails.html
👍1
Feds Shut Down the Largest Dark Web Child Porn Website
Read Details ➤ https://thehackernews.com/2019/10/dark-web-child-abuse.html
➡️ South Korean Admin Arrested
➡️ Web Server Seized
➡️ Bitcoin Payments Traced
➡️ 337 Site Users Arrested Worldwide
➡️ 23 Child Victims Rescued
Read Details ➤ https://thehackernews.com/2019/10/dark-web-child-abuse.html
➡️ South Korean Admin Arrested
➡️ Web Server Seized
➡️ Bitcoin Payments Traced
➡️ 337 Site Users Arrested Worldwide
➡️ 23 Child Victims Rescued
👍17🔥6👏6
Elections are the lifelines of democracy, and so is the balance between transparency and security.
Microsoft today launches Bug Bounty for its open-source ElectionGuard vote verification software, offering up to $15,000 for reporting vulnerabilities.
https://thehackernews.com/2019/10/election-software-hacking.html
Microsoft today launches Bug Bounty for its open-source ElectionGuard vote verification software, offering up to $15,000 for reporting vulnerabilities.
https://thehackernews.com/2019/10/election-software-hacking.html
👍1
42 Adware malware apps identified on Google Play Store—with 8 million downloads—have been traced back to a Vietnamese student.
Details: https://thehackernews.com/2019/10/42-adware-apps-with-8-million-downloads.html
If you have any of the listed apps installed on your Android device, you are advised to uninstall it immediately.
Details: https://thehackernews.com/2019/10/42-adware-apps-with-8-million-downloads.html
If you have any of the listed apps installed on your Android device, you are advised to uninstall it immediately.
👏1🤯1
⚡ CPDoS Attack
A new cache poisoning DoS attack lets attackers trick popular CDN services into delivering “error pages” to visitors of a targeted site, instead of the “legitimate content”—just by sending a single HTTP request for each targeted resource.
https://thehackernews.com/2019/10/cdn-cache-poisoning-dos-attack.html
A new cache poisoning DoS attack lets attackers trick popular CDN services into delivering “error pages” to visitors of a targeted site, instead of the “legitimate content”—just by sending a single HTTP request for each targeted resource.
https://thehackernews.com/2019/10/cdn-cache-poisoning-dos-attack.html
Skip-2.0: A new Microsoft SQL server backdoor malware spotted in the wild that lets remote attackers stealthily connect to any account on a compromised server using a “magic password.”
Read details: https://thehackernews.com/2019/10/mssql-server-backdoor.html
Read details: https://thehackernews.com/2019/10/mssql-server-backdoor.html
Big 4 mobile carriers in the U.S. — Verizon, AT&T, Sprint and T-Mobile — join forces to replace ancient SMS service with RCS-based enhanced messaging protocol in 2020.
Read ➤ https://thehackernews.com/2019/10/rcs-messaging-sms.html
Read ➤ https://thehackernews.com/2019/10/rcs-messaging-sms.html