Your Android Phone Can Get Hacked Just By Playing A Video (PoC Released)

Read more ➤ https://thehackernews.com/2019/07/android-media-framework-hack.html

PoC for a critical RCE flaw in Android, which Google patched just earlier this month, has been released on Github.

However, millions of Android devices haven’t yet received July Security Patches from their respective device manufacturers.

One of the Admins at “Silk Road” Dark Web Marketplace Sentenced to 78 Months in U.S. Prison On Drug Trafficking Charges

https://thehackernews.com/2019/07/silk-road-dark-web-admin.html

Ransomware Attack On Johannesburg’s Power Company Leaves Many Residents of the Biggest South African City in the Dark

https://thehackernews.com/2019/07/cyberattack-power-outage.html

Using #LibreOffice?

Update it!

LibreOffice 6.2.5 release patches two flaws (CVE-2019-9848, CVE-2019-9849) that may allow:

✅ execution of arbitrary python commands silently without warning
✅ inclusion of remote arbitrary content within a document even when 'stealth mode' is enabled

⚠️ Beware, It’s Unpatched.

Just Opening A Document in #LibreOffice Can Hack Your Computer

Read ➤ https://thehackernews.com/2019/07/libreoffice-vulnerability.html …

Researcher Discovers Bypass for Recently Patched Code Execution Flaw (CVE-2019-9848) in LibreOffice.

⚡Breaking

WannaCry 'killer' Marcus Hutchins, a.k.a. MalwareTech, gets "no jail time" and one year of supervised release for creating & selling Kronos malware, the Judge rules describing his good work as "too many positives on the other side of ledger"

https://thehackernews.com/2019/07/marcus-hutchins-sentenced.html

Watch Out! FaceApp Unnecessarily Requests Access to Users' Facebook Friends List

https://thehackernews.com/2019/07/faceapp-facebook-privacy.html

FaceApp had a feature that required this data, which has now been discontinued, but apparently, it still collects Friends List when users chose to "Login with Facebook."

💥 URGENT/11

Critical Flaws Found in Widely-Used VxWorks OS for Embedded Systems That Powers Over 2 Billion Devices

➤ https://thehackernews.com/2019/07/vxworks-rtos-vulnerability.html

Affected devices include enterprise, SCADA, industrial controllers, patient monitors, MRI machines, firewalls, printers & many more.

🤷🏻 Another week, another massive data breach

Capital One, the 5th largest U.S. credit card issuer, suffered a data breach exposing personal info of more than 100 million credit card applicants in the U.S. & 6 million in Canada.

Details ➤ https://thehackernews.com/2019/07/capital-one-data-breach.html

Google 'Project Zero' researchers disclose details and proof-of-concept (PoC) exploits for 4 remotely exploitable flaws that affect iOS devices and can be triggered just by sending a maliciously-crafted message over #iMessage.

Read 🡆 https://thehackernews.com/2019/07/apple-ios-vulnerabilities.html

⚠️ Patch Your eShops!

Critical security vulnerabilities discovered in 'OXID eShop' eCommerce software let remote hackers take full control over online shopping sites within seconds.

✅ Unauthenticated SQL Injection
✅ RCE

Details ➤ https://thehackernews.com/2019/07/oxid-eshop-ecommerce.html

DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks

https://thehackernews.com/2019/07/airplane-can-bus-hacking.html

👮 “False Claims Act”

Cisco ‘Knowingly’ Sold Hackable Video Surveillance Technology to Several U.S. Federal & State Government Agencies.

Read ➤ https://thehackernews.com/2019/08/cisco-surveillance-technology.html

To settle the lawsuit, Cisco has now agreed to pay $8.6 Million over failure to meet cybersecurity standards

Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords

https://thehackernews.com/2019/08/hack-wpa3-wifi-password.html

CVE-2019-13377 ➤ Timing-based side-channel attack against Dragonfly handshake when using Brainpool curves,

CVE-2019-13456 ➤ Information leak bug in FreeRADIUS' EAP-pwd implementation.

Critical Flaws in Qualcomm Chipsets Expose Millions of Android Devices to Over-the-Air Hacking

https://thehackernews.com/2019/08/android-qualcomm-vulnerability.html

U.S. has charged a Pakistani man who bribed AT&T employees to plant malware on the company's network, and illegally, unauthorisedly unlocked over 2 million phones.

Read ➤ https://thehackernews.com/2019/08/sim-device-unlocking-malware.html

💻 SWAPGS Attack [CVE-2019-1125]

A new Spectre (v1) like side-channel vulnerability affects all modern #Intel CPUs that leverage speculative execution.

https://thehackernews.com/2019/08/swapgs-speculative-execution.html

According to Microsoft & Red Hat advisories, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, including passwords, tokens and encryption keys, that would otherwise be inaccessible.

⚠️ Unpatched / 0-Day

A new flaw in KDE Plasma could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a targeted Linux desktop—without even requiring victim to actually open it.

https://thehackernews.com/2019/08/kde-desktop-linux-vulnerability.html

PoC videos & exploit code released

Someone is reportedly leaking KYC data of #Binance users online and blackmailing the #cryptocurrency exchange to pay 300 Bitcoins (~$3.5 million).



https://thehackernews.com/2019/08/binance-kyc-data-leak.html



Binance is investigating the incident & offering $290,000 bounty to provide identity of the blackmailer.

New high-risk flaws in over 40 hardware drivers (from at least 20 vendors) could let attackers gain most privileged permission on your Windows computer and install persistent backdoors.

Read: https://thehackernews.com/2019/08/windows-driver-vulnerability.html

Affected vendors include ASUS, Toshiba, Intel, NVIDIA & Huawei

🔐 Your Precious Memories Can Get Locked!

Canon’s EOS-series 📷 DSLR and PowerShot cameras are vulnerable to multiple vulnerabilities that could allow hackers to compromise your camera and deploy ransomware remotely.

Read ➤ https://thehackernews.com/2019/08/dslr-camera-hacking.html

☝️Watch video demonstration