The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
📢 Watch Out!

Researchers spotted new malware that automatically replaces legitimate popular Android apps—WhatsApp, JioTV, AppLock, HotStar, Flipkart, Truecaller—installed on your device with modified malicious versions of them.

Learn more: https://thehackernews.com/2019/07/whatsapp-android-malware.html
Learn how using a Cybersecurity Framework can help your organization become more focused on protecting its critical assets. https://thehackernews.com/2019/07/best-cybersecurity-frameworks.html
In case you missed it...

New ransomware targeting QNAP network-attached storage devices https://thehackernews.com/2019/07/ransomware-nas-devices.html

—Tips—

Use Strong Passwords
Enable Network Access Protection
Enable System Connection Logs
Disable Unrequired Services
Disable "Searchable"
Facebook to Pay Record $5 Billion Fine to Settle FTC’s Privacy Investigation Into Cambridge Analytica Scandal

Read More: https://thehackernews.com/2019/07/facebook-data-privacy-ftc.html
Mozilla releases Grizzly, a cross-platform browser fuzzing framework designed to allow fuzzer developers to focus solely on writing fuzzers and not worry about the overhead of creating tools and scripts

https://github.com/MozillaSecurity/grizzly

Linux, macOS and Windows are supported
📢 PoC Confirmed : CVE-2019-13567

Besides the video privacy bug disclosed earlier this week, the insecure local web server installed by Zoom software also left Mac computers vulnerable to a critical Remote Code Execution (RCE) flaw

Read ➤ https://thehackernews.com/2019/07/zoom-video-conferencing-hacking.html

—by @unix_root
😱 This vulnerability could have allowed hackers to hack any Instagram account within 10 minutes—no user interaction required.

https://thehackernews.com/2019/07/hack-instagram-accounts.html

Facebook rewarded the researcher with a $30,000 bug bounty for helping it find and fix this critical loophole.
Interesting Attack Scenario:

Researchers explain how iOS "URL Scheme" could allow app-in-the-middle attackers to steal secret login-tokens from your social accounts, trigger unauthorized payments, or perform other actions.

Learn More ➤ https://thehackernews.com/2019/07/ios-custom-url-scheme.html
Not Just Zoom video conferencing software… its popular white-labelled rebranded versions — RingCentral and Zhumu — also install a hidden local web server on macOS systems, which are also vulnerable to RCE and WebCam privacy flaws

https://thehackernews.com/2019/07/zoom-ringcentral-vulnerabilities.html

PoC Video Released
⚠️ Turn This OFF…

A default setting on WhatsApp messenger could allow malicious apps installed on your device to manipulate incoming media files, and spread fake news or scam you into sending payments to the wrong account.

Learn more ➤ https://thehackernews.com/2019/07/media-files-whatsapp-telegram.html

Dubbed “Media File Jacking,” the attack also works against Telegram for Android.
🔊 Spearphone

A New Side-Channel Attack Lets Android Apps Eavesdrop On Loudspeaker Data Using Accelerometer Motion Sensor—Without Requiring Any Device Permission.

Learn More ➤ https://thehackernews.com/2019/07/android-side-channel-attacks.html
😈 EvilGnome

Security researchers discovered a new Linux backdoor implant that spies on Linux desktop users and is currently undetected across all major antivirus security software products

https://thehackernews.com/2019/07/linux-gnome-spyware.html
Eastern European country Bulgaria has suffered the biggest data breach in its history, which compromised personal & financial information of 5 million taxpayers — 70% of Bulgaria's population — after a hacker stole 21GB of databases from the National Tax Agency

https://thehackernews.com/2019/07/bulgaria-nra-data-breach.html
Slack Resets Passwords For Lazy Users Who Hadn't Changed It Since 2015 Data Breach

Read More ➤ https://thehackernews.com/2019/07/slack-password-data-breach.html

Why after 4 years? Because the company recently became aware of a list containing valid username and password combinations for those Slack users.
Important ➤ Kazakhstan Government begins "forceful" interception and monitoring of encrypted HTTPS Internet traffic for all its citizens.

On the Government's instructions, all Internet Service Providers (ISPs) in #Kazakhstan have made it mandatory for their customers to install a Government-issued "root certificate" on their devices (laptops/tablets/smartphones) to regain access to #HTTPS websites.

The root certificate in question, labeled as "trusted certificate" or "national security certificate," if installed, allows ISPs to intercept and monitor users' encrypted HTTPS and TLS connections, helping the government spy on their citizens and censor content.

Learn more: https://thehackernews.com/2019/07/kazakhstan-https-security-certificate.html
Credit rating agency Equifax will pay up to $700 million in fines as part of a massive settlement over the company's 2017 data breach.

https://thehackernews.com/2019/07/equifax-data-breach-fine.html
Severe RCE vulnerability (CVE-2019-12815) disclosed in the popular ProFTPD (FTP server) — affecting over 1 million servers

Read ➤ https://thehackernews.com/2019/07/linux-ftp-server-security.html
Ex-contractor at Siemens pleads guilty to planting a 'self-destructing logic bomb' in spreadsheets to earn extra income by offering support when the code goes off

https://thehackernews.com/2019/07/siemens-logic-bomb.html

He is currently facing 10 years in prison and/or up to $250,000 in fines.
Facebook has agreed to pay a $5 billion fine and accepted a 20-year-long "Privacy Program" agreement under FTC oversight—which includes some major structural changes to strengthen its #privacy practices and hold the company accountable.

https://thehackernews.com/2019/07/ftc-facebook-privacy-program.html

What do you think?
⚠️ Watch Out!

Google Play, PornHub, Signal, UC Browser, or Skype installed on your smartphones could be a ‘Russian’ spy tool.

A New Advanced Android Surveillance Malware Discovered in the Wild—Created by Russian Defense Contractor STC.

Read ➤ https://thehackernews.com/2019/07/russian-android-spying-apps.html