The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
💥 URGENT/11

Critical Flaws Found in Widely-Used VxWorks OS for Embedded Systems That Powers Over 2 Billion Devices

https://thehackernews.com/2019/07/vxworks-rtos-vulnerability.html

Affected devices include enterprise, SCADA, industrial controllers, patient monitors, MRI machines, firewalls, printers & many more.
🤷🏻 Another week, another massive data breach

Capital One, the 5th largest U.S. credit card issuer, suffered a data breach exposing personal info of more than 100 million credit card applicants in the U.S. & 6 million in Canada.

Details ➤ https://thehackernews.com/2019/07/capital-one-data-breach.html
Google 'Project Zero' researchers disclose details and proof-of-concept (PoC) exploits for 4 remotely exploitable flaws that affect iOS devices and can be triggered just by sending a maliciously-crafted message over #iMessage.

Read 🡆 https://thehackernews.com/2019/07/apple-ios-vulnerabilities.html
⚠️ Patch Your eShops!

Critical security vulnerabilities discovered in 'OXID eShop' eCommerce software let remote hackers take full control over online shopping sites within seconds.

Unauthenticated SQL Injection
RCE

Details ➤ https://thehackernews.com/2019/07/oxid-eshop-ecommerce.html
DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks

https://thehackernews.com/2019/07/airplane-can-bus-hacking.html
👮 “False Claims Act”

Cisco ‘Knowingly’ Sold Hackable Video Surveillance Technology to Several U.S. Federal & State Government Agencies.

Read ➤ https://thehackernews.com/2019/08/cisco-surveillance-technology.html

To settle the lawsuit, Cisco has now agreed to pay $8.6 million over its failure to meet cybersecurity standards.
Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords

https://thehackernews.com/2019/08/hack-wpa3-wifi-password.html

CVE-2019-13377 ➤ Timing-based side-channel attack against the Dragonfly handshake when using Brainpool curves.

CVE-2019-13456 ➤ Information leak bug in FreeRADIUS' EAP-pwd implementation.
Critical Flaws in Qualcomm Chipsets Expose Millions of Android Devices to Over-the-Air Hacking

https://thehackernews.com/2019/08/android-qualcomm-vulnerability.html
The U.S. has charged a Pakistani man who bribed AT&T employees to plant malware on the company's network and illegally unlocked over 2 million phones without authorization.

Read ➤ https://thehackernews.com/2019/08/sim-device-unlocking-malware.html
💻 SWAPGS Attack [CVE-2019-1125]

A new Spectre (v1)-like side-channel vulnerability affects all modern #Intel CPUs that leverage speculative execution.

https://thehackernews.com/2019/08/swapgs-speculative-execution.html

According to Microsoft & Red Hat advisories, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, including passwords, tokens and encryption keys, that would otherwise be inaccessible.
⚠️ Unpatched / 0-Day

A new flaw in KDE Plasma could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a targeted Linux desktop, without even requiring the victim to actually open them.

https://thehackernews.com/2019/08/kde-desktop-linux-vulnerability.html

PoC videos & exploit code released
Someone is reportedly leaking KYC data of #Binance users online and blackmailing the #cryptocurrency exchange to pay 300 Bitcoins (~$3.5 million).

https://thehackernews.com/2019/08/binance-kyc-data-leak.html

Binance is investigating the incident and offering a $290,000 bounty for the identity of the blackmailer.
New high-risk flaws in over 40 hardware drivers (from at least 20 vendors) could let attackers gain the most privileged permissions on your Windows computer and install persistent backdoors.

Read: https://thehackernews.com/2019/08/windows-driver-vulnerability.html

Affected vendors include ASUS, Toshiba, Intel, NVIDIA & Huawei
🔐 Your Precious Memories Can Get Locked!

Canon’s EOS-series 📷 DSLR and PowerShot cameras are affected by multiple vulnerabilities that could allow hackers to compromise your camera and deploy ransomware remotely.

Read ➤ https://thehackernews.com/2019/08/dslr-camera-hacking.html

☝️Watch video demonstration
Forget Passwords! Here's the fastest way to “Verify It's You”

Chrome for Android users can now securely log in to certain Google services using their FINGERPRINT👍 or other device unlock methods, including PINs, patterns or passwords.

Learn more ➤ https://thehackernews.com/2019/08/android-local-user-verification.html
Epic Games Hit With Class-Action Lawsuit Over Hacked 'Fortnite' Accounts

https://thehackernews.com/2019/08/epic-games-fortnite-lawsuit.html

On behalf of over 100 affected users, the #lawsuit accuses the company of failing to maintain adequate security measures and to notify users of the #security breach in a timely manner.
Cerberus — A New Android “Banking Malware for Rent” Emerges Online

https://thehackernews.com/2019/08/cerberus-android-banking-trojan.html
🔥 Breaking: Google researcher discloses 20-year-old 'unpatched' vulnerabilities affecting all versions of Microsoft Windows—from XP to the latest Windows 10.

Details ➤ https://thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html

It could allow attackers to gain SYSTEM privileges on a targeted PC.
HTTP/2 DoS Attacks

Various widely used implementations of the HTTP/2 protocol have been found vulnerable to multiple denial-of-service (DoS) vulnerabilities, allowing attackers to easily knock websites running on vulnerable servers OFFLINE.

Details ➤ https://thehackernews.com/2019/08/http2-dos-vulnerability.html
🔥 CVE-2019-9506

A new Bluetooth 'Encryption Key Negotiation' vulnerability lets attackers hijack and spy on encrypted connections.

Read: https://thehackernews.com/2019/08/bluetooth-knob-vulnerability.html

The flaw affects a wide range of Bluetooth-enabled devices, including smartphones, laptops, IoT and industrial devices.