⚠️ Patch Your eShops!

Critical security vulnerabilities discovered in 'OXID eShop' eCommerce software let remote hackers take full control over online shopping sites within seconds.

✅ Unauthenticated SQL Injection
✅ RCE

Details ➤ https://thehackernews.com/2019/07/oxid-eshop-ecommerce.html

DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks

https://thehackernews.com/2019/07/airplane-can-bus-hacking.html

👮 “False Claims Act”

Cisco ‘Knowingly’ Sold Hackable Video Surveillance Technology to Several U.S. Federal & State Government Agencies.

Read ➤ https://thehackernews.com/2019/08/cisco-surveillance-technology.html

To settle the lawsuit, Cisco has now agreed to pay $8.6 Million over failure to meet cybersecurity standards

Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords

https://thehackernews.com/2019/08/hack-wpa3-wifi-password.html

CVE-2019-13377 ➤ Timing-based side-channel attack against Dragonfly handshake when using Brainpool curves,

CVE-2019-13456 ➤ Information leak bug in FreeRADIUS' EAP-pwd implementation.

Critical Flaws in Qualcomm Chipsets Expose Millions of Android Devices to Over-the-Air Hacking

https://thehackernews.com/2019/08/android-qualcomm-vulnerability.html

U.S. has charged a Pakistani man who bribed AT&T employees to plant malware on the company's network, and illegally, unauthorisedly unlocked over 2 million phones.

Read ➤ https://thehackernews.com/2019/08/sim-device-unlocking-malware.html

💻 SWAPGS Attack [CVE-2019-1125]

A new Spectre (v1) like side-channel vulnerability affects all modern #Intel CPUs that leverage speculative execution.

https://thehackernews.com/2019/08/swapgs-speculative-execution.html

According to Microsoft & Red Hat advisories, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, including passwords, tokens and encryption keys, that would otherwise be inaccessible.

⚠️ Unpatched / 0-Day

A new flaw in KDE Plasma could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a targeted Linux desktop—without even requiring victim to actually open it.

https://thehackernews.com/2019/08/kde-desktop-linux-vulnerability.html

PoC videos & exploit code released

Someone is reportedly leaking KYC data of #Binance users online and blackmailing the #cryptocurrency exchange to pay 300 Bitcoins (~$3.5 million).



https://thehackernews.com/2019/08/binance-kyc-data-leak.html



Binance is investigating the incident & offering $290,000 bounty to provide identity of the blackmailer.

New high-risk flaws in over 40 hardware drivers (from at least 20 vendors) could let attackers gain most privileged permission on your Windows computer and install persistent backdoors.

Read: https://thehackernews.com/2019/08/windows-driver-vulnerability.html

Affected vendors include ASUS, Toshiba, Intel, NVIDIA & Huawei

🔐 Your Precious Memories Can Get Locked!

Canon’s EOS-series 📷 DSLR and PowerShot cameras are vulnerable to multiple vulnerabilities that could allow hackers to compromise your camera and deploy ransomware remotely.

Read ➤ https://thehackernews.com/2019/08/dslr-camera-hacking.html

☝️Watch video demonstration

Forget Passwords! Here's a fastest way to “Verify It's You”

Chrome for Android users can now securely log-in to certain Google services using their FINGERPRINT👍or other device unlock methods, including pins, pattern or password

Learn more ➤ https://thehackernews.com/2019/08/android-local-user-verification.html

Epic Games Hit With Class-Action Lawsuit Over Hacked 'Fortnite' Accounts
.

https://thehackernews.com/2019/08/epic-games-fortnite-lawsuit.html

On the behalf of over 100 affected users, #lawsuit accuses the company of failing to maintain adequate security measures and notify users of the #security breach in a timely manner.

Cerberus — A New Android “Banking Malware for Rent” Emerges Online

https://thehackernews.com/2019/08/cerberus-android-banking-trojan.html

🔥 Breaking: Google researcher discloses 20-year-old 'unpatched' vulnerabilities affecting all versions of Microsoft Windows—from XP to the latest Windows 10.

Details ➤ https://thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html

It could allow attackers to gain SYSTEM privileges on a targeted PC.

⚡HTTP/2 DoS Attacks

Various widely-used implementations of HTTP/2 protocol have been found vulnerable to multiple denial-of-Service (DoS) vulnerabilities, allowing attackers to easily knock websites running over vulnerable servers OFFLINE.

Details ➤ https://thehackernews.com/2019/08/http2-dos-vulnerability.html

🔥 CVE-2019-9506

A new Bluetooth 'Encryption Key Negotiation' vulnerability lets attackers hijack and spy on encrypted connections.

Read: https://thehackernews.com/2019/08/bluetooth-knob-vulnerability.html

The flaw affects a wide-range of Bluetooth-enabled devices including smartphones, laptops, IoTs, and industrial devices.

A privacy flaw in Kaspersky antivirus products by-default exposed its users to cross-site online tracking—even in incognito mode.

https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html

The 4-year-old flaw, CVE-2019-8286, could have allowed online trackers to identify you without even using browser cookies.

This new smartphone app—called "Bluetana"—can quickly detect hidden Bluetooth-enabled #CreditCard skimmers at Gas Pumps and ATMs

https://thehackernews.com/2019/08/credit-card-skimmer-detector.html

Researchers bypass security patches for two severe vulnerabilities that "LibreOffice" attempted to patch in its software with earlier updates.

Read this ➤ https://thehackernews.com/2019/08/libreoffice-patch-update.html

Update LibreOffice (Windows, Linux and macOS) to version 6.2.6/6.3.0 to patch them again.

The European Central Bank (ECB) Shuts Down Its 'BIRD Portal' After Getting Hacked

https://thehackernews.com/2019/08/european-central-bank-hack.html