The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

🌐 Website: https://thehackernews.com
⚠️ Turn This OFF…

A default setting on WhatsApp messenger could allow malicious apps installed on your device to manipulate incoming media files, and spread fake news or scam you into sending payments to the wrong account.

Learn more ➤ https://thehackernews.com/2019/07/media-files-whatsapp-telegram.html

Dubbed “Media File Jacking,” the attack also works against Telegram for Android.
🔊 Spearphone

A New Side-Channel Attack Lets Android Apps Eavesdrop On Loudspeaker Data Using Accelerometer Motion Sensor—Without Requiring Any Device Permission.

Learn More ➤ https://thehackernews.com/2019/07/android-side-channel-attacks.html
😈 EvilGnome

Security researchers discovered a new Linux backdoor implant that spies on Linux desktop users and is currently undetected by all major antivirus security software products.

https://thehackernews.com/2019/07/linux-gnome-spyware.html
The Eastern European country of Bulgaria has suffered the biggest data breach in its history, which compromised the personal & financial information of 5 million taxpayers — 70% of Bulgaria's population — after a hacker stole 21GB of databases from the National Tax Agency.

https://thehackernews.com/2019/07/bulgaria-nra-data-breach.html
Slack Resets Passwords For Lazy Users Who Hadn't Changed It Since 2015 Data Breach

Read More ➤ https://thehackernews.com/2019/07/slack-password-data-breach.html

Why after 4 years? Because the company recently became aware of a list containing valid username and password combinations for those Slack users.
Important ➤ Kazakhstan Government begins "forceful" interception and monitoring of encrypted HTTPS Internet traffic for all its citizens.

On the Government's instructions, all Internet Service Providers (ISPs) in #Kazakhstan have made it mandatory for their customers to install a Government-issued "root certificate" on their devices (laptops/tablets/smartphones) to regain access to #HTTPS websites.

The root certificate in question, labeled as a "trusted certificate" or "national security certificate," if installed, allows ISPs to intercept and monitor users' encrypted HTTPS and TLS connections, helping the government spy on its citizens and censor content.

Learn more: https://thehackernews.com/2019/07/kazakhstan-https-security-certificate.html
Credit rating agency Equifax will pay up to $700 million in fines as part of a massive settlement over the company's 2017 data breach.

https://thehackernews.com/2019/07/equifax-data-breach-fine.html
Severe RCE vulnerability (CVE-2019-12815) disclosed in the popular ProFTPD (FTP server) — affecting over 1 million servers

Read ➤ https://thehackernews.com/2019/07/linux-ftp-server-security.html
Ex-contractor at Siemens pleads guilty to planting a 'self-destructing logic bomb' in spreadsheets to earn extra income by offering support when the code goes off.

https://thehackernews.com/2019/07/siemens-logic-bomb.html

He is currently facing 10 years in prison and/or a fine of up to $250,000.
Facebook has agreed to pay a $5 billion fine and accepted a 20-year-long "Privacy Program" agreement under FTC oversight—which includes some major structural changes to strengthen its #privacy practices and hold the company accountable.

https://thehackernews.com/2019/07/ftc-facebook-privacy-program.html

What do you think?
⚠️ Watch Out!

Google Play, PornHub, Signal, UC Browser, or Skype installed on your smartphones could be a ‘Russian’ spy tool.

A New Advanced Android Surveillance Malware Discovered in the Wild—Created by Russian Defense Contractor STC.

Read ➤ https://thehackernews.com/2019/07/russian-android-spying-apps.html
⚠️ WatchBog

Rapidly spreading multi-module Linux botnet now also scans for Windows computers and adds systems vulnerable to BlueKeep RDP flaw to its future target list.

Read details ➤ https://thehackernews.com/2019/07/linux-malware-windows-bluekeep.html
☠️ Doppelgänging Attack

NEW—Several popular malware families, including FormBook, LokiBot, SmokeLoader and GandCrab, have been found using 7 distinct versions of "loaders" that exploit the fileless 'Process Doppelgänging' technique to evade detection.

Read ➤ https://thehackernews.com/2019/07/process-doppelganging-malware.html
Your Android Phone Can Get Hacked Just By Playing A Video (PoC Released)

Read more ➤ https://thehackernews.com/2019/07/android-media-framework-hack.html

A PoC for a critical RCE flaw in Android, which Google patched earlier this month, has been released on GitHub.

However, millions of Android devices haven’t yet received July Security Patches from their respective device manufacturers.
One of the Admins at “Silk Road” Dark Web Marketplace Sentenced to 78 Months in U.S. Prison On Drug Trafficking Charges

https://thehackernews.com/2019/07/silk-road-dark-web-admin.html
Ransomware Attack On Johannesburg’s Power Company Leaves Many Residents of the Biggest South African City in the Dark

https://thehackernews.com/2019/07/cyberattack-power-outage.html
Using #LibreOffice?

Update it!

LibreOffice 6.2.5 release patches two flaws (CVE-2019-9848, CVE-2019-9849) that may allow:

- execution of arbitrary Python commands silently without warning
- inclusion of remote arbitrary content within a document even when 'stealth mode' is enabled
⚠️ Beware, It’s Unpatched.

Just Opening A Document in #LibreOffice Can Hack Your Computer

Read ➤ https://thehackernews.com/2019/07/libreoffice-vulnerability.html

Researcher Discovers Bypass for Recently Patched Code Execution Flaw (CVE-2019-9848) in LibreOffice.
Breaking

WannaCry 'killer' Marcus Hutchins, a.k.a. MalwareTech, gets "no jail time" and one year of supervised release for creating & selling Kronos malware, the judge rules, describing his good work as "too many positives on the other side of ledger."

https://thehackernews.com/2019/07/marcus-hutchins-sentenced.html
Watch Out! FaceApp Unnecessarily Requests Access to Users' Facebook Friends List

https://thehackernews.com/2019/07/faceapp-facebook-privacy.html

FaceApp had a feature that required this data, which has now been discontinued, but apparently, it still collects the Friends List when users choose to "Login with Facebook."