The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

🌐 Website: https://thehackernews.com
Elections are the lifelines of democracy, and so is the balance between transparency and security.

Microsoft today launches Bug Bounty for its open-source ElectionGuard vote verification software, offering up to $15,000 for reporting vulnerabilities.

https://thehackernews.com/2019/10/election-software-hacking.html
42 Adware malware apps identified on Google Play Store—with 8 million downloads—have been traced back to a Vietnamese student.

Details: https://thehackernews.com/2019/10/42-adware-apps-with-8-million-downloads.html

If you have any of the listed apps installed on your Android device, you are advised to uninstall it immediately.
CPDoS Attack

A new cache poisoning DoS attack lets attackers trick popular CDN services into delivering “error pages” to visitors of a targeted site, instead of the “legitimate content”—just by sending a single HTTP request for each targeted resource.

https://thehackernews.com/2019/10/cdn-cache-poisoning-dos-attack.html
Skip-2.0: A new Microsoft SQL server backdoor malware spotted in the wild that lets remote attackers stealthily connect to any account on a compromised server using a “magic password.”

Read details: https://thehackernews.com/2019/10/mssql-server-backdoor.html
Big 4 mobile carriers in the U.S. — Verizon, AT&T, Sprint and T-Mobile — join forces to replace ancient SMS service with RCS-based enhanced messaging protocol in 2020.

Read ➤ https://thehackernews.com/2019/10/rcs-messaging-sms.html
Here We ADOBE Again!

Adobe’s Unsecured 'Prototype' Server Exposes Data for 7.5 Million Creative Cloud Users

Read details ➤ https://thehackernews.com/2019/10/adobe-database-leaked.html
CVE-2019-11043 🔥

A new RCE flaw in PHP 7+ could allow attackers to hack sites running on Nginx with php-fpm enabled on certain configurations—which is reportedly not uncommon.

Read Details ➤ https://t.co/coTu2lh1bK

➡️ PHP released patches
➡️ Researcher released PoC exploit
Russian Hackers Spotted Targeting Anti-Doping Agencies Worldwide Ahead of Tokyo 2020 Olympics

https://thehackernews.com/2019/10/cyber-attack-tokyo-olympics.html

The cyber attacks apparently began after the World Anti-Doping Agency warned that Russian athletes could face a ban from competing at the Olympics over irregularities found in a database from Russia's national anti-doping laboratory.
The Pirate Bay torrent search website was recently down for over a week due to a DDoS attack, reportedly launched by sending specially crafted search queries to the buggy open-source text search software used by the website.

https://thehackernews.com/2019/10/the-pirate-bay-down.html
Facebook Sues Infamous Israeli Spyware Firm NSO Group For Hacking WhatsApp Users

https://thehackernews.com/2019/10/whatsapp-nso-group-malware.html

According to a lawsuit filed today, Facebook accused the surveillance firm of involvement in exploiting a WhatsApp 0-day flaw (in May 2019) to install Pegasus spyware on nearly 1400 targeted Android and iOS devices.

Finally, for the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users.
North Korean Hackers Target India's Kudankulam Nuclear Power Plant – Here's Everything We Know So Far

Details ➤ https://thehackernews.com/2019/10/nuclear-power-plant-cyberattack.html
Two hackers — who extorted money from Uber (~ $100,000) and LinkedIn in exchange for promises to delete data of millions of customers they had stolen — have pleaded guilty to the offences charged.

Read ➤ https://thehackernews.com/2019/10/hackers-extorted-money.html
5 Places Where Hackers Are Stealthily Stealing Your Data In 2019

https://thehackernews.com/2019/10/hacking-data-breach-protection.html
Leading Web Domain Name Registrars Disclose Data Breach Incidents Affecting Millions of their Customers.

1️⃣ Web[.]com
2️⃣ Network Solutions
3️⃣ Register[.]com

Details ➤ https://thehackernews.com/2019/10/domain-name-registrars-hacked.html
🔥💬👆

Chinese hackers compromise Telecom servers with a new “MessageTap” malware that spies on SMS messages sent/received by high-ranking individuals with specific phone numbers, IMSI or messages containing certain keywords.

Read details ➤ https://thehackernews.com/2019/10/sms-spying-malware.html
🔥 Watch out! It’s finally happening. Cybersecurity researchers have spotted the first cyberattack that’s 'mass-exploiting' the BlueKeep RDP flaw in the wild. Fortunately, this attack isn’t wormable and is typically an immature attempt, but it still exploits vulnerable systems connected to the Internet to install cryptocurrency malware.

Find more details on THN ➤ https://thehackernews.com/2019/11/bluekeep-rdp-vulnerability.html
Watch Out IT Admins!

PoC exploits for two new "unpatched RCE flaws" in the rConfig network configuration management tool have been disclosed publicly, allowing unauthenticated remote hackers to compromise targeted servers and subsequent network devices.

https://thehackernews.com/2019/11/rConfig-network-vulnerability.html
In case you missed them, 🙂 here are some interesting cybersecurity stories from last week.

https://www.linkedin.com/pulse/newsletter-last-weeks-top-cyber-security-stories-mohit-kumar
This is interesting...

Hackers can covertly inject inaudible commands into voice-controlled devices—Google Home, Alexa, Apple Siri—by shining a laser at them from several meters away.

Read ➤ https://thehackernews.com/2019/11/hacking-voice-assistant-laser.html

OK Google, open the garage door
Hey Siri, unlock my car