Experts Warn → A flaw in modern #Android-based smartphones (Samsung, LG, Huawei, LG) could let remote attackers access all your emails and other insecurely communicated web content with an advanced SMS-based phishing attack.

Details ➤ https://thehackernews.com/2019/09/just-sms-could-let-remote-attackers.html

Twitter "temporarily" disables a feature—called Tweeting via SMS—which recently helped hackers post a series of racist and offensive tweets from the account of #Twitter CEO Jack Dorsey.

Details ➤ https://thehackernews.com/2019/09/tweet-via-sms-text-message-hacking.html

Google has finally agreed to pay $170 million fine to settle allegations that its 'YouTube for Kids' service earned millions by illegally harvesting personal information from children without their parents’ consent.

Read more — https://thehackernews.com/2019/09/youtube-kids-privacy-fine.html

The tech intended to ensure the security of your kids could inadvertently expose them to stalkers.

Researchers discover security flaws in widely used GPS tracking devices that could expose real-time location of over 600,000 users to remote attackers.

https://thehackernews.com/2019/09/gps-tracking-device-for-kids.html

Do you Speak PHP?

Latest versions of PHP programming language (7.3.9 , 7.2.22 and 7.1.32) contain patches for some high-severity vulnerabilities, most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers.

https://thehackernews.com/2019/09/php-programming-language.html

🔥 Heads Up!

A new Exim TLS vulnerability (CVE-2019-15846) opens at least over half-a-million email ✉ servers to remote "root" code execution attacks.

Read details ➤ https://thehackernews.com/2019/09/exim-email-server-vulnerability.html

Exim project releases version 4.92.2 to patch the issue.

⚡ A Summer of Discontent—The Hottest Malware Hits

Here's a recap of the most burning malware strains and trends seen in the wild during the months of July and August 2019.

Read ➤ https://thehackernews.com/2019/09/its-been-summer-of-ransomware-hold-ups.html

Facebook patches two 'memory disclosure' vulnerabilities (CVE-2019-11925 and CVE-2019-11926) in its servers running open-source HHVM, which could have been exploited by uploading maliciously constructed JPEG image files.

Read — https://thehackernews.com/2019/09/facebook-hhvm-vulnerability.html

New HHVM versions released

A newly discovered backdoor malware—linked to Stealth Falcon state-sponsored cyber-espionage group—uses Windows built-in BITS protocol to stealthily communicate and exfiltrate data to its remote C&C servers.

https://thehackernews.com/2019/09/stealthfalcon-virus-windows-bits.html

It's Patch Tuesday!

Adobe releases security updates that patch 2 critical vulnerabilities in #Adobe Flash Player and an important arbitrary code execution flaw in Adobe Application Manager (AAM).

https://thehackernews.com/2019/09/adobe-security-updates.html

New Vulnerabilities — Some D-Link WiFi Router and Comba Access Controller models leak their administrative panel passwords in plaintext

Details: https://thehackernews.com/2019/09/router-password-hacking.html

Windows Users, Get Your CAPS ON!

Microsoft Releases—September 2019 Patch Tuesday—Updates to Patch 17 Critical (and Other Important) Flaws in its Software, of Which 4 RCE Vulnerabilities Affect Windows RDP Client.

Details ➤ https://thehackernews.com/2019/09/microsoft-windows-update.html

Operation reWired — Hundreds of email scammers arrested in Nigeria and the United States as part of a joint Law Enforcement effort to disrupt a massive multi-billion dollar scheme.

Details: https://thehackernews.com/2019/09/nigerian-bec-scams-arrested.html

Google to experiment 'DNS over HTTPS' (DoH) privacy feature in its upcoming Chrome 78 release.

Details — https://thehackernews.com/2019/09/chrome-dns-over-https.html

Unlike Firefox, Chrome’s implementation will enable DoH only when the user’s current DNS provider is among a list of DoH-compatible providers.

🐱 NetCAT Attack

Cybersecurity researchers demonstrate a new side-channel vulnerability that could allow network-based hackers to remotely steal sensitive data from modern Intel CPUs solely sending specially crafted network packets

Details ➤ https://thehackernews.com/2019/09/netcat-intel-side-channel.html

💥 SimJacker Vulnerability (0-day under active attack)

A new SIM card-based flaw could allow remote attackers to hijack and spy on any phone just by sending an SMS – regardless of which handset the victim is using.

Read details — https://thehackernews.com/2019/09/simjacker-mobile-hacking.html

What’s more worrisome?

According to researchers, a specific private company that works with Governments is actively exploiting SimJacker vulnerability for at least 2 years to conduct targeted surveillance on mobile phone users across several countries.

😬 Yikes!

iOS13 will be released to the public next week—but with an iPhone lockscreen bypass vulnerability that Apple left unpatched even after the bug was reported privately 2 months ago.

Learn how it works ➤ https://thehackernews.com/2019/09/ios-13-lockscreen-bypass.html

Over 120 new high-severity vulnerabilities discovered in routers (business, industrial and home) and NAS devices from popular brands—including ASUS, Seagate, QNAP, Lenovo, Netgear, Xiaomi and many others.

Read details here: https://thehackernews.com/2019/09/hacking-soho-routers.html

Be careful, It’s unpatched!

Turns out 'Delete for Everyone' feature in WhatsApp doesn’t actually delete sent pictures/videos from recipients’ iPhone (with default settings), leaving millions of non-iOS users with a false sense of privacy.

Details ➤ https://thehackernews.com/2019/09/whatsapp-delete-for-everyone-privacy.html

Warning — Thousands of Google Calendars are, intentionally or unintentionally, leaking private information quietly on the Internet, allowing anyone to not only access sensitive details but also add new events with maliciously crafted info & links.

https://thehackernews.com/2019/09/google-calendar-search.html