The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
Critical security vulnerabilities found in Ministra IPTV software, which is currently widely used by over 1000 online streaming services to manage their millions of subscribers worldwide.

https://thehackernews.com/2019/06/iptv-software-hacking.html

➦ Authentication Bypass
➦ SQL Injection
➦ Object Injection

Chaining them together allows remote attackers to execute commands on a targeted server, extract subscribers’ data, their financial details and stream any content of their choice.
This may sound weird but it's true...

Cryptocurrency firm Komodo itself hacked many of its customers' Agama wallets and, without authorisation, transferred all funds to a safe wallet before hackers could steal them.

Read more: https://thehackernews.com/2019/06/komodo-agama-wallet-hacking.html
A New Gradually Escalating Botnet Campaign Targeting Over 1.5 Million RDP Servers via Distributed Brute Force Attacks

https://thehackernews.com/2019/06/windows-rdp-brute-force.html
A hacker going by the name of SandboxEscaper today disclosed a second zero-day exploit that apparently bypasses Microsoft's patch for a Windows EoP vulnerability (CVE-2019-0841)

https://thehackernews.com/2019/06/windows-eop-exploit.html
Beware ⚠️

Your Linux System Can Get Hacked Just by Opening an Innocent Looking Text File With "Vim" or "Neovim" Editor

Read More — https://thehackernews.com/2019/06/linux-vim-vulnerability.html
A new security flaw (CVE-2019-12498) in a popular Live Chat Plugin for WordPress sites allows unauthorized remote attackers to steal chat logs and manipulate sessions.

https://thehackernews.com/2019/06/wordpress-live-chat-plugin.html

Over 50,000 businesses use this plugin to provide online customer support.
It's June 2019 Patch Tuesday Week

Adobe has just released critical security patches for ColdFusion, Flash Player and Adobe Campaign Classic software

Read more — https://thehackernews.com/2019/06/adobe-patch-june.html
Microsoft Releases June 2019 Windows Security Updates to Patch 88 Vulnerabilities

Read more — https://thehackernews.com/2019/06/windows-june-updates.html

➡️ 21 Critical in Severity
➡️ 66 Important (4 Publicly Disclosed)
➡️ 01 Rated Moderate
RAMBleed Attack – Researchers demonstrated a new side-channel attack (CVE-2019-0174) to steal sensitive data from the device memory without actually accessing it.

RAMBleed is based on a well-known class of DRAM Rowhammer attacks, but instead of writing, it allows attackers to read bits from the adjacent rows.

Researchers demonstrated their finding with an attack against OpenSSH 7.9 and extracted an RSA-2048 key from the memory.

Read more: https://thehackernews.com/2019/06/rambleed-dram-attack.html
How fast can you tell if you’re protected? Whether it’s Robbinhood or Ryuk, testing your security controls against a specific threat can be a major showstopper.

Here are your options for checking their effectiveness against clear and present danger — https://thehackernews.com/2019/06/breach-attack-simulation.html
Telegram CEO says the 'Powerful DDoS Attack' it suffered yesterday was 'mostly from China,' suggesting that Beijing might have tried to disrupt protests in Hong Kong

https://thehackernews.com/2019/06/telegram-ddos-attack.html
Major flaw discovered in the popular Evernote extension for Chrome that could have allowed hackers to hijack your web browser remotely and steal sensitive information from any website you visited.

Learn more ➤ https://thehackernews.com/2019/06/evernote-extension-hacking.html

Check out the video demonstration for PoC
Great News! Researchers release a new — GandCrab Ransomware Decryption Tool — that can help affected users unlock files encrypted by any version of GandCrab for free

https://thehackernews.com/2019/06/gandcrab-ransomware-decryption-tool.html
IMPORTANT — If you use Firefox, you need to update it right now.

Mozilla released Firefox 67.0.3 and ESR version 60.7.1 to patch a critical zero-day vulnerability that is being exploited in the wild, allowing attackers to gain control over PCs remotely

https://thehackernews.com/2019/06/mozilla-firefox-patch-update.html
Oracle releases EMERGENCY updates to patch a newly discovered critical RCE vulnerability (CVE-2019-2729) in the Oracle WebLogic Server that is actively being exploited in the wild by attackers

https://thehackernews.com/2019/06/oracle-weblogic-vulnerability.html
Tor Browser 8.5.2 Released — Users Should Immediately Update It to Patch the Newly Discovered Actively-Exploited Firefox RCE Vulnerability

https://thehackernews.com/2019/06/tor-browser-firefox-hack.html
MongoDB introduces end-to-end Field Level Encryption (FLE) for online databases that would handle crypto operations on clients’ devices, preventing hackers and even administrators from accessing sensitive data in plaintext

Read more ➤ https://thehackernews.com/2019/06/mongodb-fle-data-encryption.html
Using Outlook for Android? — UPDATE it immediately.

Microsoft patches an important flaw in its popular email app [100+ million users] that could allow remote attackers to execute client-side scripts on the targeted app just by sending an email message.

https://thehackernews.com/2019/06/outlook-app-android.html
An important security vulnerability (CVE-2019-12280) in the Support Assistance Software—that comes pre-installed on most Dell computers—affects millions of users.

https://thehackernews.com/2019/06/dells-supportassist-hacking.html

Update Dell SupportAssist to version—
◆ 2.0.1 (for Business PCs)
◆ 3.2.2 (for Home PCs)
This is interesting ➤ Here's a new malware that first launches Linux Virtual Machine (VM) on Windows and macOS systems, and then automatically starts mining software within it... just to take the best of your CPU resources

Read more: https://thehackernews.com/2019/06/emulated-malware.html
A researcher today released a PoC for a severe RCE vulnerability in "Outlook for Android" that Microsoft patched just this week, almost 6 months after the initial responsible disclosure.

Read more ➤ https://thehackernews.com/2019/06/microsoft-outlook-vulnerability.html