The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.


🌐 Website: https://thehackernews.com
Two former Twitter employees have been caught helping Saudi Arabia spy on dissidents and critics by selling out their personal information.

Read more: https://thehackernews.com/2019/11/twitter-spying-saudi-arabia.html
Tech giants announce support for "Delegated Credentials for TLS," a new security protocol that offers websites a reliable way to deploy TLS certificates with a short validity period, i.e., up to 7 days.

In this article we have covered:

Overview of the current TLS infrastructure
Why do we need Delegated Credentials for TLS?
What is Delegated Credentials for TLS?
How does it boost TLS protocol security?

Read more: https://thehackernews.com/2019/11/delegated-credentials-for-tls.html
Facebook’s Latest Privacy Mishap:

The social media company today revealed that a bug in its system unknowingly allowed 100 app developers to ‘improperly access’ data on members in certain Facebook groups.

Read more: https://thehackernews.com/2019/11/facebook-groups-data-leak.html
A security vulnerability in Amazon's Smart Ring Video Doorbell 🔔 Pro devices could have let remote attackers steal your Wi-Fi password.

Learn how ➤ https://thehackernews.com/2019/11/ring-doorbell-wifi-password.html
Is Facebook Secretly Accessing Your iPhone's Camera?

Some users claimed.

However, it appears more like a UI bug, instead of a privacy issue.

Read this and watch demo ➤ https://thehackernews.com/2019/11/facebook-ios-camera.html
💀 ZombieLoad v2: Return of the Leaking Dead.

A new variant of the data-leaking side-channel attack affects most recent Intel CPUs (including the latest Cascade Lake) that are resistant against Meltdown, Foreshadow and other MDS attacks.

Details ➤ https://thehackernews.com/2019/11/zombieload-cpu-vulnerability.html
⚠️ TPM-Fail(ed)

New potentially serious CPU vulnerabilities could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based #Intel TPMs.

Read more: https://thehackernews.com/2019/11/tpm-encryption-keys-hacking.html

➡️ CVE-2019-11090
➡️ CVE-2019-16863
A Utah-based technology company detected a massive 2-year-long #databreach only after the hacker 'accidentally' maxed out the compromised servers' file storage capacity.

Read more ➤ https://thehackernews.com/2019/11/hacking-file-storage.html
🚨 New WhatsApp RCE (CVE-2019-11931)

Facebook quietly patched another critical flaw in WhatsApp that could have allowed attackers to hack targeted devices remotely and install #spyware on them — just by sending an MP4 media file.

Details: ➤ https://t.co/eiAp2b5ci2
Louisiana State Government hit by ransomware attack, forcing the authorities to take several state agency servers offline—including government websites, email systems, and other internal applications.

Read more: https://thehackernews.com/2019/11/louisiana-ransomware-attack.html
WATCH OUT!

A flaw in pre-installed Android Camera apps could let rogue apps take photos, record video, eavesdrop on conversations — without requiring permissions and even when the phone is locked, the screen is OFF, or the app is closed.

Details ➤ https://thehackernews.com/2019/11/android-camera-hacking.html
😬 Oh c'mon!

Someone hacked the official site of the Monero cryptocurrency project and quietly replaced legitimate Linux + Windows binaries available for download with malicious versions designed to steal funds 💰 from the users' wallets.

Read more: https://thehackernews.com/2019/11/hacking-monero-cryptocurrency.html
T-Mobile Suffers Yet Another Data Breach... This Time Affecting Its Prepaid Wireless Customers.

Details ➤ https://thehackernews.com/2019/11/t-mobile-prepaid-data-breach.html

Change Your Account PIN/Passcode Now.
Russian hacker 'Stanislav Vitaliyevich Lisov' — who created and used the NeverQuest banking Trojan to steal money from hundreds of victims — has finally been sentenced to 4 years in U.S. prison.

Details: https://thehackernews.com/2019/11/lisov-neverquest-russian-hacker.html
Chinese smartphone maker OnePlus suffers a new data breach exposing personal and order information of an undisclosed number of its customers, likely as a result of a vulnerability in its online store website.

Read details: https://thehackernews.com/2019/11/oneplus-store-data-breach.html
A total of 37 new vulnerabilities found in 4 popular open-source VNC remote desktop sharing apps.

Read: https://thehackernews.com/2019/11/vnc-remote-software-hacking.html

Many of these flaws went unnoticed for the last 20 years, and the most severe could allow remote attackers to compromise a targeted system.
Yet Another Facebook and Twitter Data Scandal:

Two third-party SDKs used by hundreds of thousands of Android apps have been caught holding unauthorized access to users' personal data associated with their connected social media accounts.

https://thehackernews.com/2019/11/sdk-twitter-facebook-android.html
Let's Go Undercover 🕵️

Latest Kali Linux 2019.4 release includes a new ‘Undercover Mode’ which turns your hackish dragon theme into an innocent Windows look-a-like desktop.

https://thehackernews.com/2019/11/kali-linux-undercover-mode.html

Fun, but a great idea for those who don't want people to spot them hacking.
Google identified and warned over 12,000 of its users across 149 countries who were targeted by a government-backed hacking attempt in the 3rd quarter of 2019.

Read more: https://thehackernews.com/2019/11/google-government-hacking.html
Facebook launches a new tool — built on the Data Transfer Project (DTP) framework — that aims to let users easily and securely transfer their Facebook photos and videos to their Google Photos accounts.

Read details: https://thehackernews.com/2019/12/facebook-google-photos-data.html
Beware Android Users! A new unpatched vulnerability — dubbed Strandhogg — in Android could let malicious apps take extensive control over your device & steal your login credentials.

Dozens of apps are already exploiting this flaw in the wild.

Strandhogg attacks are potentially dangerous because:

➡️ it's almost impossible to spot,
➡️ it can hijack any app,
➡️ it can request any device permission,
➡️ it can be exploited without root,
➡️ it works on all versions of Android,
➡️ it doesn't need any special permissions.

Read Details: https://thehackernews.com/2019/12/strandhogg-android-vulnerability.html