Advanced Breach Protection Demystified – Untold Truths On Security Beyond AV

https://thehackernews.com/2019/03/network-data-protection.html

Experts at Cynet are hosting a #webinar that will explain some significant inherent security gaps in EDR\EPP and Network Analytics you should know about.

Important — Critical Unauthenticated "SQL Injection" Flaw Discovered in Magento E-Commerce Platform

https://thehackernews.com/2019/03/magento-website-security.html

Online store owners are advised to immediately install the latest version of Magento to patch a total of 37 new #security vulnerabilities.

BREAKING — Here's the List of ~600 MAC Addresses Hackers Targeted in the Recent ShadowHammer ASUS Breach

https://thehackernews.com/2019/03/asus-hack-mac-addresses.html

📢 FireEye Releases "Commando VM"

It's a new #Windows-based virtual distribution for hackers and penetration testers that contains more than 400 pre-installed tools for testing and red teaming.

https://thehackernews.com/2019/03/windows-hacking-tools.html

CommandoVM is equipped with popular hacking tools like Nmap, Wireshark, Remote Server Administration Tools, Mimikatz, Burp-Suite, x64db, Metasploit, PowerSploit, Hashcat, and Owasp ZAP, pre-configured for a smooth working environment.

Exclusive—Researcher Discloses PoC for "Unpatched Zero-Day Flaws" Affecting Microsoft Edge and IE Browsers:

👉 https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html

Researcher discloses details 10-month after Microsoft allegedly failed to respond to his responsible disclosure.

Hackers Stole Nearly $19 Million Worth of Cryptocurrencies from Bithumb Exchange

https://thehackernews.com/2019/03/bithumb-cryptocurrency-hacked.html

Thousands of unprotected Kibana instances found exposed on the Internet, leaving many sensitive Elasticsearch databases at risk of getting leaked

https://thehackernews.com/2019/04/kibana-data-security.html

New Apache Web Server Vulnerability Threatens Security of Shared Web Hosts
.

https://thehackernews.com/2019/04/apache-web-server-security.html

The flaw (CVE-2019-0211) could allow less-privileged web host users to execute arbitrary code with root privileges on the targeted servers.

This is Terrible 🤦 Facebook has been caught asking some new users to enter passwords for their registered email accounts to let Facebook automatically access their inboxes and verify the email addresses.

https://thehackernews.com/2019/04/facebook-email-password.html

Researchers publish an in-depth analysis of JS Sniffers, uncovering some new families of credit card-skimming code

https://thehackernews.com/2019/04/js-sniffers-credit-card-hacking.html

Georgia Institute of Technology suffers a massive data breach due to a vulnerability in its web app

https://thehackernews.com/2019/04/georgia-tech-data-breach.html

Attacker(s) allegedly stole personal information of ~1.3 million current and former faculty members, students, staff and student applicants.

Warning — If you have a "private" blog [not self-hosted] with WordPress and are using its official iOS app to manage it, the secret authentication token for your account might have accidentally been leaked to third-party websites

https://thehackernews.com/2019/04/wordpress-ios-security.html

😱 Over 540 Million Facebook User Records Exposed Through Unprotected Amazon Servers

https://thehackernews.com/2019/04/facebook-app-database.html

Breaking — NSA just released the complete source code for its reverse engineering suite GHIDRA version 9.0.2 on Github

https://thehackernews.com/2019/03/ghidra-reverse-engineering-tool.html

PS: Nope, it's not an April Fools joke!

Well, this is ironic. Hackers could turn an Antivirus app pre-installed on over 150 million Xiaomi smartphones into malware


Read more ➤ https://thehackernews.com/2019/04/xiaomi-antivirus-app.html

[New] Breaking — MI Browser app, pre-installed on millions of Xiaomi smartphones, contains an unpatched critical vulnerability (CVE-2019-10875) allowing malicious sites to spoof URLs displayed in the address bar.

Read ➤ https://thehackernews.com/2019/04/xiaomi-browser-vulnerability.html

Microsoft releases first Preview Builds of its new Chromium-powered Edge web browser

https://thehackernews.com/2019/04/chromium-edge-browser.html

Canary and Developer versions are now available for download and testing.

'Exodus' Surveillance #Malware Found Targeting #iOS Users Using Apple's Enterprise Developer Program

https://thehackernews.com/2019/04/exodus-ios-malware.html

Researcher Reveals Multiple Flaws in Verizon Fios Wi-Fi Routers

https://thehackernews.com/2019/04/verizon-wifi-router-security.html

● CVE-2019-3914: Authenticated Command Injection (Root)
● CVE-2019-3915: Login Replay
● CVE-2019-3916: Password Salt disclosure

★ Firmware Patch + PoC Exploit Released

Adobe releases April 2019 security updates to patch a total of 40 vulnerabilities in Flash Player, Acrobat Reader, Shockwave, Other Products.

Read more >> https://thehackernews.com/2019/04/adobe-security-updates.html