The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
Microsoft Outlook on the Web is planning to ban 38 more potentially harmful file types (extensions) in e-mail attachments, including Python, PowerShell, Java and Digital Certificate files.

Details ➤ https://thehackernews.com/2019/09/email-attachment-malware.html
DoorDash got hacked!

The food-delivery service confirms a massive data breach that exposes personal data of almost 5 million people, including its customers, delivery workers and merchants.

Details ➤ https://thehackernews.com/2019/09/doordash-data-breach.html

Change your password now.
This is HUGE!

Hacker releases "permanent unpatchable" bootrom jailbreak exploit for all iOS Devices—from iPhone 4s to iPhone X, running on A5 to A11 chips.

Read details ➤ https://thehackernews.com/2019/09/bootrom-jailbreak-ios-exploit.html
🔥 Microsoft warns of a new, rare piece of Node.js-based fileless malware — Nodersok — that leverages legitimate built-in system utilities and trusted third-party tools to fly under the radar, while turning infected machines into zombie proxies.

https://thehackernews.com/2019/09/windows-fileless-malware-attack.html
🔥 Important — More SIM cards are vulnerable to Simjacker attacks than previously disclosed

Details ➤ https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html

Turns out the S@T Browser is not the only dynamic SIM toolkit that could allow remote attackers to compromise phones just by sending SMS.
🔥 Exclusive

Hacker steals login information, including email IDs and passwords, of over 218 million players of Zynga's Words with Friends game.

https://thehackernews.com/2019/09/zynga-game-hacking.html

Zynga admitted the breach, revealing it also exposed data for another popular game, “Draw Something”.
👉 CVE-2019-16928

New Critical Exim Vulnerability Exposes Email Servers to Remote Attacks, Potentially Leading to Remote Code Execution (RCE).

Details ➤ https://thehackernews.com/2019/09/exim-email-security-vulnerability.html

Exim Version 4.92.3 Released With Patches. Update Now!
eGobblers Are Back!

Over a Billion Malicious Ad Impressions Exploit a New WebKit Vulnerability to Target Apple Users

Details: https://thehackernews.com/2019/10/malvertising-webkit-hacking.html
🔒📖 PDFex Attacks

Researchers find a novel set of hacks to remotely exfiltrate and read the entire content of a password-protected or encrypted PDF file without knowing the actual password.

Read Details (PoC Released) — https://thehackernews.com/2019/10/pdf-password-encryption-hacking.html

Popular PDF viewers found vulnerable, including Adobe Acrobat, Foxit, Okular, Nitro Reader and more, as well as those built into the Chrome, Firefox and Safari web browsers.
Former Yahoo employee admits hacking into over 6000 users' accounts, mostly of younger women, to find sexual images & videos.

https://thehackernews.com/2019/10/yahoo-email-hacking.html

He then also hacked into their iCloud, Gmail, Facebook & other email-connected accounts in search of more private content.
{New} Monitoring of a 7-month-long campaign exposes how Chinese hackers are putting a lot of effort, time and research into continually updating their tactics, techniques and procedures and successfully targeting foreign government organizations.

Read: https://thehackernews.com/2019/10/chinese-hackers-phishing.html
🔥 WhatsApp RCE (CVE-2019-11932)

Just sending a GIF via #WhatsApp could have hacked your Android phone.

Details ➤ https://thehackernews.com/2019/10/whatsapp-rce-vulnerability.html

Vietnamese researcher found a critical flaw that enabled attackers to remotely take control over devices, and steal files and messages.
Google researcher reveals a new Android 0-day flaw that’s being exploited in the wild.

https://thehackernews.com/2019/10/android-kernel-vulnerability.html

The unpatched flaw potentially affects most devices manufactured before April 2018, including popular handsets from Samsung, Huawei, Oppo, Xiaomi, and Pixel 1 & 2.
🔥 New — A bug in Signal messenger app for Android could allow callers to auto-connect audio calls without receivers' interaction and listen to all conversations surrounding the targeted phones.

Details ➤ https://thehackernews.com/2019/10/signal-messenger-bug.html
Tech in Political Tug-of-War ...

Adobe bans Venezuela and cancels subscriptions (without offering refunds) for all of its customers in the Latin American country to comply with economic sanctions imposed by the Trump Administration.

Read: https://thehackernews.com/2019/10/adobe-venezuela-sanctions.html
If you haven't heard this...

vBulletin releases patch update for its forum software to fix new high-severity RCE and SQLi vulnerabilities.

Details and PoC ➤ https://thehackernews.com/2019/10/vBulletin-hacking-exploit.html

Tracked as — CVE-2019-17132 and CVE-2019-17271
Affected Versions — 5.5.4 and prior.
You Gave Your Phone Number to Twitter for 2-Factor Protection and Twitter Used it for Targeted Ads — Accidentally!

Read Details: https://thehackernews.com/2019/10/twitter-advertising-privacy.html
7-year-old critical RCE vulnerability found in the popular iTerm2 macOS terminal app

https://thehackernews.com/2019/10/iterm2-macos-terminal-rce.html

Tracked as CVE-2019-9535, the flaw was discovered as part of a security audit funded by Mozilla Open Source Support Program.
A zero-day vulnerability in Apple's Bonjour app—which comes bundled with iTunes or iCloud for Windows—found actively being exploited in the wild by cybercriminals to evade antivirus detection and infect PCs with BitPaymer ransomware.

Read: https://thehackernews.com/2019/10/apple-bonjour-ransomware.html
UNIX Co-Founder Ken Thompson's 39-Year-Old BSD Password Has Finally Been Cracked.

Any Guesses? HINT is in the picture.

Read ➤ https://thehackernews.com/2019/10/unix-bsd-password-cracked.html

Passwords of over 20 other Unix luminaries—including Dennis Ritchie, Stephen R. Bourne & Eric Schmidt—have also been cracked.