*Here We Go:*
SNDBOX — Researchers Release a New Artificial Intelligence-Powered Online Automated #Malware Analysis Platform ...and It's Free!
SNDBOX offers Static, Dynamic (behavioral) and Network analysis for submitted executables in an easy-to-understand format.
It uses Machine Learning algorithms to automatically develop deeper knowledge and understanding of several aspects, behavioral patterns, vectors, attributes, classification, and signatures over time.
SNDBOX is not just capable of detecting malware by monitoring its behavior, but it also converts dynamic behavioral inputs into searchable vectors, allowing users to search its vast online malware analysis database with excellent visibility.
Watch Demo Video, Sample Reports at The Hacker News
https://thehackernews.com/2018/12/sndbox-malware-analysis-tool.html
New Adobe Flash zero-day exploit discovered hidden inside Microsoft Office docs, which are being used in a targeted campaign against a Russian state healthcare institution
https://thehackernews.com/2018/12/flash-player-vulnerability.html
Tracked as CVE-2018-15982, the Flash Player vulnerability allows attackers to execute arbitrary code on a targeted system. Adobe has released a patch update to fix it.
WARNING — On most Linux distributions, unprivileged users with a UID greater than INT_MAX can execute any systemctl command, thanks to a new flaw (CVE-2018-19788) found in PolicyKit, a toolkit responsible for handling authentication & permissions
https://thehackernews.com/2018/12/linux-user-privilege-policykit.html
Australia Passes New Anti-Encryption Bill 2018—Here's Everything You Need To Know
https://thehackernews.com/2018/12/australia-anti-encryption-bill.html
Worth noting → It doesn't allow the government to force tech companies to weaken/crack/backdoor their encrypted services. Instead, Australia wants them to provide an alternative way to let the government sneak into your devices, whenever required.
Google announces it will shut down #Google+ 4 months earlier than originally scheduled after the company discovered a new API flaw that exposed the personal information of 52.5 million users
https://thehackernews.com/2018/12/google-plus-hacking.html
Google+ will now die in April 2019 instead of August 2019.
phpMyAdmin Releases Critical Software Update to Address Several Security Vulnerabilities — Patch Your Websites Now!
https://thehackernews.com/2018/12/phpmyadmin-security-update.html
—Local file inclusion (CVE-2018-19968)
—Cross-Site Request Forgery/XSRF (CVE-2018-19969)
—Cross-site scripting (CVE-2018-19970)
A new variant of the infamous Shamoon malware is targeting the oil and gas sector in the Middle East and Europe
https://thehackernews.com/2018/12/shamoon-malware-attack.html
Microsoft releases an EMERGENCY security update to patch a remote code execution vulnerability (CVE-2018-8653) in Internet Explorer that is currently being exploited in the wild
https://thehackernews.com/2018/12/internet-explorer-zero-day.html
Affected Versions — Internet Explorer 9, 10, 11 on Windows 7, 8.1, 10, Server 2008, 2012, 2016 and 2019.
Hacker Discloses New Unpatched Windows #ZeroDay Exploit On Twitter
PoC Exploit and Demo Video→ https://thehackernews.com/2018/12/windows-zero-day-exploit.html
The flaw resides in the "MsiAdvertiseProduct" function and could allow low-privileged #Windows users to read the content of any file on the system.
The U.S. Department of Justice today indicted 2 Chinese government-sponsored hackers over a decade-long global #hacking campaign
https://thehackernews.com/2018/12/chinese-hacker-wanted-by-fbi.html
The defendants are members of the #APT10 hacking group, who stole trade secrets from tech companies and government agencies around the world
Google partially patches a privacy issue in the Chrome app for Android that was originally disclosed 3 years ago
https://thehackernews.com/2019/01/google-chrome-android-privacy.html
The bug reveals the device hardware model and firmware version, allowing remote attackers to identify if you're running an outdated/flawed OS.
Deal of the Week: Get 10 Popular CyberSecurity eBooks To Learn Advanced Ethical Hacking @ 96% Discount
https://thehackernews.com/2019/01/cybersecurity-hacking-books.html
20-Year-Old Student, "Who Acted Alone," Arrested For Carrying Out Germany's Biggest Data Leak
https://thehackernews.com/2019/01/germany-data-leak-arrested.html …
He admits to #hacking and leaking the personal data of thousands of German politicians, journalists and other public figures.
IMPORTANT — Search your Wi-Fi router logs for the "f8:e0:79:af:57:eb" MAC address
https://thehackernews.com/2019/01/german-dhl-parcel-bomb-blackmailer.html …
German #Police seek help in gathering related info that could lead to the phone used by the DHL blackmailer who parceled out #bombs at different addresses in Brandenburg & Berlin.
Turns out that it was Kaspersky Labs who tipped off the FBI & helped the agency catch alleged #NSA leaker Harold T. Martin III
https://thehackernews.com/2019/01/shadow-brokers-nsa-kaspersky.html …
Martin contacted Kaspersky researchers just 30 min before TheShadowBrokers began leaking classified NSA #hacking tools online
Google Public DNS Service Now Supports DNS-over-TLS Security Feature
https://thehackernews.com/2019/01/google-dns-over-tls-security.html
It not only helps hide your web-browsing history from ISPs and eavesdroppers, but also prevents DNS spoofing attacks.
Over 202 Million Chinese Job Seekers' Scraped Personal Details Exposed On the Internet
https://thehackernews.com/2019/01/mongodb-chinese-database.html …
Thanks to Another Unprotected MongoDB Instance [854 GB]
New Systemd Security Flaws Affect Most Linux Distributions — Patches are on the Way!
https://thehackernews.com/2019/01/linux-systemd-exploit.html …
CVE-2018-16864 (privilege escalation)
CVE-2018-16865 (privilege escalation)
CVE-2018-16866 (Information leak)
Cybercriminals found using Zero-Width Space characters in Phishing emails to bypass Microsoft Office 365 Safe Links and Advanced Threat Protection
https://thehackernews.com/2019/01/phishing-zero-width-spaces.html
PyLocky #Ransomware Decryption Tool Released—Unlock Your Files For Free
https://thehackernews.com/2019/01/pylocky-free-ransomware-decryption.html
Limitation: The tool requires a captured PCAP file of the initial network traffic between the infected machine and the C&C server to extract the password