The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
Popular SSH Client "PuTTY" Releases Important Software Update (Version 0.71) to Patch 8 New High-Severity Vulnerabilities

https://thehackernews.com/2019/03/putty-software-hacking.html
Holy Moly 😱 Facebook revealed that it "mistakenly" stored a copy of passwords for "hundreds of millions" of users in plaintext:

https://thehackernews.com/2019/03/facebook-account-passwords.html
Microsoft Announces Windows Defender ATP Antivirus for Mac

https://thehackernews.com/2019/03/microsoft-defender-antivirus-macos.html

The company also hints that MS Defender will soon be available for more platforms… probably Linux is next!
DHS issues warning about critical vulnerabilities in Medtronic’s implantable defibrillator devices that could cause life-threatening malfunctions

https://thehackernews.com/2019/03/hacking-implantable-defibrillators.html
Important — Over 1 million ASUS computers compromised in a massive supply-chain attack that went undetected for almost 6 months.

https://thehackernews.com/2019/03/asus-computer-hacking.html

Hackers managed to compromise ASUS Live Software server and distributed backdoored updates to users worldwide.
Apple releases iOS 12.2 to patch some pretty serious #security vulnerabilities in iPhone, iPad and iPod touch 6th generation devices

Majority of flaws patched this month reside in #WebKit, which may allow malicious sites to execute arbitrary code, bypass sandbox restrictions, or launch universal XSS attacks

One of the WebKit flaws (CVE-2019-6222) could allow malicious sites to access microphone of your #iOS device, without the "microphone-in-use" indicator being shown.

Apple also patches another critical flaw (CVE-2019-8553) in iOS that can be exploited by just convincing victims to click a malicious SMS link, leading to arbitrary code execution.

Read more: https://thehackernews.com/2019/03/ios-update-iphone-security.html
⚠️Breaking — Popular UC Browser contains a 'hidden,' 'potentially dangerous,' and insecure 'feature' (backdoor) that allows remote attackers to execute malicious code on Android smartphones, putting over 500 million of its users at risk

https://thehackernews.com/2019/03/uc-browser-android-hacking.html
Facebook introduces a new "Whitehat Settings" to help Bug Bounty hunters and hackers easily intercept network traffic (bypass Certificate Pinning) and find flaws in its Facebook, Messenger and Instagram mobile applications

https://thehackernews.com/2019/03/facebook-whitehat-setting-hackers.html
Elfin Cyber Espionage Hackers Group, aka APT 33, Targets Multiple Organisations in U.S. and Saudi Arabia

https://thehackernews.com/2019/03/apt33-cyber-espionage-hacking.html
Ex-NSA contractor Harold Thomas Martin III—who stole classified material over more than 20 years—has finally pleaded guilty to the federal charge of willful retention of national defense information

https://thehackernews.com/2019/03/nsa-classified-material.html
Advanced Breach Protection Demystified – Untold Truths On Security Beyond AV

https://thehackernews.com/2019/03/network-data-protection.html

Experts at Cynet are hosting a #webinar that will explain some significant inherent security gaps in EDR\EPP and Network Analytics you should know about.
Important — Critical Unauthenticated "SQL Injection" Flaw Discovered in Magento E-Commerce Platform

https://thehackernews.com/2019/03/magento-website-security.html

Online store owners are advised to immediately install the latest version of Magento to patch a total of 37 new #security vulnerabilities.
BREAKING — Here's the List of ~600 MAC Addresses Hackers Targeted in the Recent ShadowHammer ASUS Breach

https://thehackernews.com/2019/03/asus-hack-mac-addresses.html
📢 FireEye Releases "Commando VM"

It's a new #Windows-based virtual distribution for hackers and penetration testers that contains more than 400 pre-installed tools for testing and red teaming.

https://thehackernews.com/2019/03/windows-hacking-tools.html

CommandoVM is equipped with popular hacking tools like Nmap, Wireshark, Remote Server Administration Tools, Mimikatz, Burp-Suite, x64dbg, Metasploit, PowerSploit, Hashcat, and OWASP ZAP, pre-configured for a smooth working environment.
Exclusive—Researcher Discloses PoC for "Unpatched Zero-Day Flaws" Affecting Microsoft Edge and IE Browsers:

👉 https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html

Researcher discloses details 10 months after Microsoft allegedly failed to respond to his responsible disclosure.
Hackers Stole Nearly $19 Million Worth of Cryptocurrencies from Bithumb Exchange

https://thehackernews.com/2019/03/bithumb-cryptocurrency-hacked.html
Thousands of unprotected Kibana instances found exposed on the Internet, leaving many sensitive Elasticsearch databases at risk of getting leaked

https://thehackernews.com/2019/04/kibana-data-security.html
New Apache Web Server Vulnerability Threatens Security of Shared Web Hosts

https://thehackernews.com/2019/04/apache-web-server-security.html

The flaw (CVE-2019-0211) could allow less-privileged web host users to execute arbitrary code with root privileges on the targeted servers.
This is Terrible 🤦 Facebook has been caught asking some new users to enter passwords for their registered email accounts to let Facebook automatically access their inboxes and verify the email addresses.

https://thehackernews.com/2019/04/facebook-email-password.html