<== New ==>

This variant of ComRAT backdoor now leverages Google's Gmail service to covertly receive commands and exfiltrate sensitive data from 'high-target' compromised computers.

Read details here: https://thehackernews.com/2020/05/gmail-malware-hacker.html

Strandhogg 2.0 !!!

A new critical vulnerability (CVE-2020-0096) affects over BILLION ANDROID devices that could let attackers hijack apps installed on targeted devices and steal users' BANKING and other log-in credentials.

Read to learn more:
https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html

Researchers at Qihoo and China's Baidu disrupt a new 'Double Gun' botnet malware campaign that recently managed to infect hundreds of thousands of computers.

Read details: https://thehackernews.com/2020/05/chinese-botnet-malware.html

NEW ~~ Researchers uncovered the real identity of a hacktivist who defaced over 4800 Government and other websites in 40+ countries across the world—and is also a member of the 'Brazilian Cyber Army' hacking group.

Read details: https://thehackernews.com/2020/05/brazilian-hacker-vandathegod.html

A New Free Dark Web Monitoring Tool to Measure Your Exposure

Find Details Here: https://thehackernews.com/2020/05/dark-web-monitoring-tool.html

Exclusive – Any MitronApp Account Can Be Hacked in Seconds.

Learn how ➤ https://thehackernews.com/2020/05/titok-mitron-app-hacking.html

The viral TikTok alternative, with over 5 million installations within just 1 month, contains an UNPATCHED auth bypass vulnerability.

It's also untrusted, don't use it.

💪 DABANGG, a fearless attack!

Indian IIT researchers demonstrate a new noise-resilient technique that makes Flush-based Cache attacks more effective against modern Intel and AMD processors.

Read details & watch demos — https://thehackernews.com/2020/05/noise-resilient-flush-attack.html

⚡ A highly critical vulnerability affecting Apple's 'Sign in with Apple' feature could have let attackers hack into anyone's account on 3rd-party service or apps.


Read details here ➤ https://thehackernews.com/2020/05/sign-in-with-apple-hacking.html

Apple paid researcher a whopping $100,000 bug bounty for this flaw.

Joomla Resources Directory (JRD) portal has suffered a data breach affecting thousands of accounts.

https://thehackernews.com/2020/06/joomla-data-breach.html

Affected web developers and service providers are advised to immediately change their passwords.

{NEW} Researchers disclose details + PoC for a critical vulnerability (CVE-2020-3956) in VMware's Cloud Director platform that could let attackers compromise private clouds within an entire infrastructure and access to sensitive information.

https://thehackernews.com/2020/06/vmware-cloud-director-exploit.html

A set of 6 newly patched critical vulnerabilities uncovered in SAP's Sybase ASE database software could grant unprivileged attackers complete control over enterprise databases and the underlying systems.

Details — https://thehackernews.com/2020/06/newly-patched-sap-ase-flaws-could-let.html

IMPORTANT — Make sure you are running the latest version of Zoom video conferencing app on your Windows, macOS or Linux computers.

Two recently patched critical flaws in Zoom could let attackers hack PCs remotely by sending messages via chat.

https://thehackernews.com/2020/06/zoom-video-software-hacking.html

Along with the set of a new malware arsenal used by Chinese hackers targeting south Asian countries, researchers spotted a never-seen-before espionage tool—called USBCulprit—that aims to steal data from air-gapped computers.

https://thehackernews.com/2020/06/air-gap-malware-usbculprit.html

Any user account on the 'secure' Digilocker service (by Indian Government) could have been accessed with an OPT / Password due to a now-patched critical flaw, allowing attackers to steal sensitive documents stored on it.

Details: https://thehackernews.com/2020/06/aadhar-digilocker-hacked.html

(NEW) Magecart hackers implant (still there, unpatched and stealing) digital creditcard skimming code on three emergency services-related content and forum websites via misconfigured Amazon S3 buckets.

Read more: https://thehackernews.com/2020/06/magecart-skimmer-amazon.html

SMBleed — A new security vulnerability (CVE-2020-1206) affects Windows SMBv3 protocol.

Details + PoC: https://thehackernews.com/2020/06/SMBleed-smb-vulnerability.html

An unauthenticated attacker (client/server) can also combine it with the "wormable" SMBGhost flaw to achieve RCE attacks.

~ June 2020 Patch Tuesday ~

Microsoft today released security patches for a total of 129 newly discovered vulnerabilities affecting various versions of Windows operating system and related software.

Find details here: https://thehackernews.com/2020/06/windows-update-june.html

The Citizen Lab today outed an Indian IT firm 'BellTroX InfoTech' that was hired by private investigators and commercial clients to hack (and spy on) politicians, investors, journalists, and human rights defenders worldwide.

https://thehackernews.com/2020/06/hacker-for-hire-belltrox-india.html

Modern Intel processors found vulnerable to 2 new, distinct SGX side-channel attacks — "CrossTalk" (CVE-2020-0543) and "SGAxe" — that could let attackers tamper/steal sensitive data guarded within blocks of secured memory (TEE and SGX).

Read more: https://thehackernews.com/2020/06/intel-sgaxe-crosstalk-attacks.html

A Bug in Facebook Messenger App for Windows Could've Helped Malware Gain Persistence
https://thehackernews.com/2020/06/facebook-malware-persistence.html

Make Sure You're Running the Latest Updated Version of the Messenger.