Microsoft Patch Tuesday — April 2019 Updates Released

Latest Windows Update Patches 74 Security Flaws, Including 2 New EoP Zero-Days Already Being Exploited in the Wild

https://thehackernews.com/2019/04/microsoft-patch-updates.html

Researchers Unveil Sophisticated 'TajMahal' APT Malware Framework (80+ Modules) That Remained Undetected for 5 Years

https://thehackernews.com/2019/04/apt-malware-framework.html

🔥 BREAKING — Researchers find several vulnerabilities in the latest WPA3 WiFi security protocol that could allow attackers to hack WiFi passwords using password partitioning attacks

Read More https://thehackernews.com/2019/04/wpa3-hack-wifi-password.html

London Police Has Arrested WikiLeaks Founder "Julian Assange" After Ecuadorian Government Withdraws Asylum

https://thehackernews.com/2019/04/wikileaks-julian-assange-arrested.html

Watch Out! Popular VSDC video editing software website was HACKED (once again) for a month; hackers replaced software download links with the banking and password stealing malware

https://thehackernews.com/2019/04/free-video-editing-malware.html

Matrix—Open Source e2e Encrypted Messaging Project—Suffers Extensive Cyber Attack

https://thehackernews.com/2019/04/encrypted-messenger-cyberattack.html …

Hackers defaced Matrix's site, stole "unencrypted private messages, password hashes, access tokens," and GPG keys the project maintainers used for signing packages.

Hackers Compromised Credentials for Microsoft's Customer Support Panel and Used It to Access Information of Outlook Email Accounts for 3 Months

Read more — https://thehackernews.com/2019/04/microsoft-outlook-email-hack.html

Apache releases security important updates to patch a new Remote Code Execution flaw (CVE-2019-0232) in Apache Tomcat

https://thehackernews.com/2019/04/apache-tomcat-security-flaw.html

Google Helps Police Identify Devices Close to Crime Scenes Using its "SensorVault" Location History Database and Track Narrowed-Down Suspects or Witnesses.

https://thehackernews.com/2019/04/google-location-tracking.html

Researchers discover a new rapidly evolving, rootkit-enabled multifunctional spyware—dubbed SCRANOS—that can steal browser history, cookies, passwords and payment accounts from various services, inject ads, and download new payloads

Read: https://thehackernews.com/2019/04/scranos-rootkit-spyware.html

Google introduces plans to make it more tough for rogue/malware #Android app developers to get back on its Play Store.

https://thehackernews.com/2019/04/android-google-play-store.html

...apparently, a less painful, transparent, but strict and detailed app review process for 1st-time developers.

BREAKING — JustDial, India's Largest Local Search Service, Has Been Found Exposing Over 100 Million Users' Personal Data On the Internet.

https://thehackernews.com/2019/04/justdial-hacked-data-breach.html

Researcher took control over a Microsoft-owned subdomain—associated with its "Windows 8 Live Tiles" feature—by exploiting a weakness in Azure Cloud Service & used it to show how hackers could have pushed malicious content to Windows users

https://thehackernews.com/2019/04/subdomain-microsoft-azure.html

Drupal Releases Core CMS Updates to Patch Several "Moderately Critical" Security Vulnerabilities

https://thehackernews.com/2019/04/drupal-security-update.html

Remember when Facebook was recently caught asking its users for their emails' account passwords?

Facebook today admitted that it "unintentionally" used access to 1.5 million users' email accounts and collected their contacts without users' knowledge and consent.

Read more: https://thehackernews.com/2019/04/facebook-email-database.html

Facebook stored millions of Instagram users' passwords in plaintext, not for "tens of thousands" users, a quietly added update to the company's last month blog post revealed today.

https://thehackernews.com/2019/04/instagram-password-plaintext.html

A researcher found full Source Code for CARBANAK banking malware—yes, this time for real—and some of its previously unseen plugins on the VirusTotal that were uploaded two years ago but went unnoticed.

https://thehackernews.com/2019/04/carbanak-malware-source-code.html

by @security_wang

Watch out! Hackers have started exploiting two recently disclosed critical flaws in the 'Social Warfare' plugin for #WordPress.

https://thehackernews.com/2019/04/wordpress-plugin-hacking.html

Although a patched version is available for a month now, thousands of WordPress sites are still using an older version.

'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy

https://thehackernews.com/2019/04/karkoff-dnspionage-malware.html

Attackers have launched a new malware campaign that first performs reconnaissance on its victims and then choose which targets to infect with the new malware
.

Top U.S. lawmakers has sent an open letter to Google CEO Sundar Pichai asking him to answer 10 important questions about Google's Sensorvault location tracking database

https://thehackernews.com/2019/04/google-location-database.html