Researcher took control over a Microsoft-owned subdomain—associated with its "Windows 8 Live Tiles" feature—by exploiting a weakness in Azure Cloud Service & used it to show how hackers could have pushed malicious content to Windows users

https://thehackernews.com/2019/04/subdomain-microsoft-azure.html

Drupal Releases Core CMS Updates to Patch Several "Moderately Critical" Security Vulnerabilities

https://thehackernews.com/2019/04/drupal-security-update.html

Remember when Facebook was recently caught asking its users for their emails' account passwords?

Facebook today admitted that it "unintentionally" used access to 1.5 million users' email accounts and collected their contacts without users' knowledge and consent.

Read more: https://thehackernews.com/2019/04/facebook-email-database.html

Facebook stored millions of Instagram users' passwords in plaintext, not for "tens of thousands" users, a quietly added update to the company's last month blog post revealed today.

https://thehackernews.com/2019/04/instagram-password-plaintext.html

A researcher found full Source Code for CARBANAK banking malware—yes, this time for real—and some of its previously unseen plugins on the VirusTotal that were uploaded two years ago but went unnoticed.

https://thehackernews.com/2019/04/carbanak-malware-source-code.html

by @security_wang

Watch out! Hackers have started exploiting two recently disclosed critical flaws in the 'Social Warfare' plugin for #WordPress.

https://thehackernews.com/2019/04/wordpress-plugin-hacking.html

Although a patched version is available for a month now, thousands of WordPress sites are still using an older version.

'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy

https://thehackernews.com/2019/04/karkoff-dnspionage-malware.html

Attackers have launched a new malware campaign that first performs reconnaissance on its victims and then choose which targets to infect with the new malware
.

Top U.S. lawmakers has sent an open letter to Google CEO Sundar Pichai asking him to answer 10 important questions about Google's Sensorvault location tracking database

https://thehackernews.com/2019/04/google-location-database.html

Whoops! Facebook's 1st quarter 2019 earnings report reveals that the company is expecting a "record-setting" fine of up to $5 BILLION from the FTC over its mishandling of users' data and #privacy violations in Cambridge Analytica scandal.

https://thehackernews.com/2019/04/facebook-ftc-fine-privacy.html

'Highly Critical' Unpatched Zero-Day RCE Flaw Discovered in Oracle WebLogic Servers

Read More ⮞ https://thehackernews.com/2019/04/oracle-weblogic-hacking.html

[Important] An unpatched arbitrary file upload #vulnerability in a popular WordPress WooCommerce extension—WooCommerce Checkout Manager—has been disclosed publicly that could allow unauthenticated attackers to compromise more than 60,000 e-Commerce sites

https://thehackernews.com/2019/04/wordpress-woocommerce-security.html

New York AG, Canada and Ireland has launched 3 new separate investigations into Facebook’s latest privacy blunders

https://thehackernews.com/2019/04/facebook-privacy-investigation.html

The $5 billion fine seems to be just 1st installment of what Facebook has to pay for continuously ignoring users' privacy

#Docker Hub suffers a data breach,
Exposes sensitive information of 190,000 users,
Users should reset passwords,
GitHub tokens and access keys have been revoked,
Check your GitHub / BitBucket repos for unauthorised access,

https://thehackernews.com/2019/04/docker-hub-data-breach.html

Unsecured Database Exposes Personal Info of 80 Million American Households

https://thehackernews.com/2019/04/america-personal-data.html

Rapidly Growing Electrum DDoS Botnet Infects Over 152,000 Bitcoin Users, and Steals Nearly $4.6 Million in Cryptocurrencies

https://thehackernews.com/2019/04/electrum-bitcoin-wallet-botnet.html

Over Dozen Widely-Used Email Clients Found Vulnerable to Various OpenPGP and S/MIME Email Signature Spoofing Attacks

Read https://thehackernews.com/2019/04/email-signature-spoofing.html

Affected clients [for Windows, Linux, macOS, iOS, Android] include Thunderbird, Outlook, Apple Mail, Trojitá, Airmail

Hackers Found Exploiting Recently Patched Oracle WebLogic RCE Flaw to Infect Still-Vulnerable Servers with "Sodinokibi" and GandCrab Ransomware

https://thehackernews.com/2019/05/ransomware-oracle-weblogic.html

U.S. Department of Homeland Security has ordered all Federal Agencies to patch "critical" vulnerabilities within 15 days ...as the average time b/w discovery and exploitation of new vulnerabilities is continuously decreasing

Read more: https://thehackernews.com/2019/05/dhs-patch-vulnerabilities.html

WikiLeaks founder Julian Assange has been sentenced by UK Court to nearly a year (50 weeks) in jail for skipping bail

https://thehackernews.com/2019/05/julian-assange-jailed.html

Google has introduced a new privacy-focused "auto-delete" option in your accounts that will allow you to automatically delete your "Location History, Web and App Activity" data after a set period of time.

Here's how to enable it ⮞ https://thehackernews.com/2019/05/google-web-location-history.html

—by @Swati_THN