Newly Disclosed #0Day Flaw in Apple's macOS Mojave Lets Hackers Bypass Security and Privacy Protection Features with Synthetic Clicks…. Again!

https://thehackernews.com/2019/06/macOS-synthetic-click.html

Apple Launches Privacy-Focused "Sign in with Apple ID" Feature at #WWDC19

https://thehackernews.com/2019/06/apple-launches-privacy-focused-sign-in.html

It has been designed to prevent users' tracking by hiding their actual email addresses and randomly generate a new unique email address for each different 3rd-party service.

Firefox Web Browser Now Blocks Third-Party Tracking Cookies By Default

https://thehackernews.com/2019/06/firefox-tracking-cookies.html

➦ Enhanced Tracking Protection
➦ Firefox Lockwise [Desktop Extension]
➦ Facebook Container Extension Update

New Unpatched Bug Could Allow Client-Side Attackers to Bypass Windows Lock Screen On RDP Sessions

Read more — https://thehackernews.com/2019/06/rdp-windows-lock-screen.html

All the attacker needs to do is… interrupt the network connectivity of a targeted client system and Tadaaaa...! the lock screen will disappear

Critical security vulnerabilities found in Ministra IPTV Software that’s currently widely being used by over 1000 Online Streaming Services to manage their millions of subscribers worldwide.

https://thehackernews.com/2019/06/iptv-software-hacking.html

➦ Authentication Bypass
➦ SQL Injection
➦ Object Injection

Chaining them together allows remote attackers to execute commands on a targeted server, extract subscribers’ data, their financial details and stream any content of their choice.

This may sound weird but it's true...

Cryptocurrency firm Komodo itself hacked many of its customers' Agama wallets and unauthorisedly transferred all funds to a safe wallet before hackers could steal them.

Read more: https://thehackernews.com/2019/06/komodo-agama-wallet-hacking.html

A New Gradually Escalating Botnet Campaign Targeting Over 1.5 Million RDP Servers via Distributed Brute Force Attacks

https://thehackernews.com/2019/06/windows-rdp-brute-force.html

Hacker going by the name of SandboxEscaper today discloses a second zero-day exploit that apparently bypasses Microsoft's patch for a Windows EoP vulnerability (CVE-2019-0841)

https://thehackernews.com/2019/06/windows-eop-exploit.html

Beware ⚠️

Your Linux System Can Get Hacked Just by Opening an Innocent Looking Text File With "Vim" or "Neovim" Editor

Read More — https://thehackernews.com/2019/06/linux-vim-vulnerability.html

A new security flaw (CVE-2019-12498) in one of a popular Live Chat Plugin for WordPress sites allows unauthorized remote attackers to steal chat logs and manipulate sessions.

https://thehackernews.com/2019/06/wordpress-live-chat-plugin.html

Over 50,000 businesses use this plugin to provide online customer support.

It's June 2019 Patch Tuesday Week ⭐

Adobe has just released critical security patches for ColdFusion, Flash Player and Adobe Campaign Classic software

Read more — https://thehackernews.com/2019/06/adobe-patch-june.html

Microsoft Releases June 2019 Windows Security Updates to Patch 88 Vulnerabilities

Read more — https://thehackernews.com/2019/06/windows-june-updates.html

➡️ 21 Critical in Severity
➡️ 66 Important (4 Publicly Disclosed)
➡️ 01 Rated Moderate

RAMBleed Attack – Researchers demonstrated a new side-channel attack (CVE-2019-0174) to steal sensitive data from the device memory without actually accessing it.

RAMBleed is based on a well-known class of DRAM Rowhammer attacks; but instead of writing, it allows attackers to read bits from the adjacent rows.

Researchers demonstrated their finding with an attack against OpenSSH 7.9 and extracted an RSA-2048 key from the memory.

Read more: https://thehackernews.com/2019/06/rambleed-dram-attack.html

How fast can you tell if you’re protected? Whether it’s Robbinhood or Ryuk, testing your security controls against a specific threat can be a major showstopper.

Here are your options for checking their effectiveness against clear and present danger — https://thehackernews.com/2019/06/breach-attack-simulation.html

Telegram CEO says the 'Powerful DDoS Attack' it suffered yesterday was 'mostly from China,' suggesting that Beijing might have tried to disrupt protests in Hong Kong

https://thehackernews.com/2019/06/telegram-ddos-attack.html

Major flaw discovered in the popular Evernote extension for Chrome that could have allowed hackers to hijack your web browser remotely and steal sensitive information from any website you visited.

Learn more ➤ https://thehackernews.com/2019/06/evernote-extension-hacking.html

Check out the video demonstration for PoC

Great News! Researchers release a new — GandCrab Ransomware Decryption Tool — that can help affected users unlock files encrypted by any version of GandCrab for free

https://thehackernews.com/2019/06/gandcrab-ransomware-decryption-tool.html

IMPORTANT — If you use Firefox, you need to update it right now.

Mozilla released Firefox 67.0.3 and ESR version 60.7.1 to patch a critical zero-day vulnerability that is being exploited in the wild, allowing attackers to gain control over PCs remotely

https://thehackernews.com/2019/06/mozilla-firefox-patch-update.html

Oracle releases EMERGENCY updates to patch a newly discovered critical RCE vulnerability (CVE-2019-2729) in the Oracle WebLogic Server that is actively being exploited in the wild by attackers

https://thehackernews.com/2019/06/oracle-weblogic-vulnerability.html

Tor Browser 8.5.2 Released — Users Should Immediately Update It to Patch the Newly Discovered Actively-Exploited Firefox RCE Vulnerability

https://thehackernews.com/2019/06/tor-browser-firefox-hack.html