Facebook launches a new tool — built on the Data Transfer Project (DTP) framework — that aims to let users easily and securely transfer their Facebook photos and videos to their Google Photos accounts.
Read details: https://thehackernews.com/2019/12/facebook-google-photos-data.html
Beware Android Users! A new unpatched vulnerability — dubbed Strandhogg — in Android could let malicious apps take extensive control over your device & steal your login credentials.
Dozens of apps are already exploiting this flaw in the wild.
Strandhogg attacks are potentially dangerous because:
➡️ it's almost impossible to spot,
➡️ it can hijack any app,
➡️ it can request any device permission,
➡️ it can be exploited without root,
➡️ it works on all versions of Android,
➡️ it doesn't need any special permissions.
Read Details: https://thehackernews.com/2019/12/strandhogg-android-vulnerability.html
⚠️Watch Out! Widely installed Avast and AVG extensions have been caught collecting Chrome and Firefox users' detailed browsing history.
Read: https://thehackernews.com/2019/12/avast-and-avg-browser-plugins.html
Disable or remove these:
➡️ Avast Online Security
➡️ AVG Online Security
➡️ Avast SafePrice
➡️ AVG SafePrice
Operation IOS X 🏴☠️
In a coordinated global law enforcement operation, Europol has taken down more than 30,500 websites for distributing counterfeit and pirated items and arrested 3 suspects.
Read: https://thehackernews.com/2019/12/counterfeit-piracy-websites.html
Two new security vulnerabilities have been discovered in the GoAhead Web Server application running on millions of Internet-connected embedded devices.
Read: https://thehackernews.com/2019/12/goahead-web-server-hacking.html
➡️ Code Execution (CVE-2019-5096)
CVSSv3 Score 9.8
➡️ DoS Flaw (CVE-2019-5097)
CVSSv3 Score 5.3
ZeroCleare, a new destructive data-wiping malware, is being used by Iranian state-sponsored hackers to target energy and industrial organizations in the Middle East.
Details: https://thehackernews.com/2019/12/zerocleare-data-wiper-malware.html
New 👇
A critical remote Authentication Bypass (smtpd, ldapd, and radiusd) and 3 other Local Privilege Escalation flaws have been disclosed in the OpenBSD operating system.
Details and PoC — https://thehackernews.com/2019/12/openbsd-authentication-vulnerability.html
➡️ CVE-2019-19521
➡️ CVE-2019-19520
➡️ CVE-2019-19522
➡️ CVE-2019-19519
The United States has charged and put a highest-ever $5 million bounty on the Russian hackers behind Dridex banking malware.
Read ➤ https://thehackernews.com/2019/12/dridex-russian-hackers-wanted-by-fbi.html
Using Dridex (aka Bugat or Cridex), they stole more than $100 million from victims across the globe over a period of 10 years.
Facebook has sued a Chinese advertising company for abusing its platform to:
➡️ distribute malware,
➡️ compromise its users, and
➡️ then use those hacked accounts to run deceptive Facebook ads to promote counterfeit goods and diet pills.
https://thehackernews.com/2019/12/facebook-account-hacking.html
Important 👉 A new unpatched #vulnerability (CVE-2019-14899) could let network attackers hijack encrypted VPN connections.
Most Linux and Unix-like operating systems are vulnerable, including Ubuntu, Debian, OpenBSD, macOS, iOS, and Android.
https://thehackernews.com/2019/12/linux-vpn-hacking.html
A new variant of Snatch ransomware in the wild now first reboots infected Windows computers in "Safe Mode" and then starts encrypting files to bypass antivirus and avoid detection.
Read details ➤ https://thehackernews.com/2019/12/snatch-ransomware-safe-mode.html
Attention Windows Users!
You should immediately install the latest Microsoft December 2019 updates to patch a total of 36 new vulnerabilities, including a Windows 0-Day exploit that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers.
https://thehackernews.com/2019/12/windows-zero-day-patch.html
PlunderVolt ⚡ CVE-2019-11157
Researchers demonstrated a novel technique that could allow attackers to compromise the integrity of Intel SGX technology on modern processors by tweaking the CPU’s voltage, resulting in easy retrieval of sensitive data protected by hardware-isolated SGX enclaves.
Details: https://thehackernews.com/2019/12/intel-sgx-voltage-attack.html
BREAKING: Russian police raided the Moscow-based offices of NGINX — the company behind the world's second most popular web server software — and conducted searches, detained several of their employees, including the creator of Nginx and another co-founder of the company.
https://thehackernews.com/2019/12/nginx-copyright-rumbler.html
A Russian company, named Rambler, claims to own the copyright of the software (which by the way has now been sold to F5 for $670 million) as the creator of Nginx started working on the project while he was working as a system administrator for the company 15 years ago.
🚨 Watch Out!
A new critical login bypass vulnerability has been discovered in 2 widely installed add-ons for Elementor and Beaver Builder that attackers are actively exploiting in the wild to install secret backdoors into WordPress sites.
https://thehackernews.com/2019/12/wordpress-elementor-beaver.html
5 Reasons Why Programmers Should Think like Hackers:
1. Incomparable tenacity
2. Doing instead of reading and traditional learning
3. Anticipating potential security breaches
4. Creative thinking and willingness to break out of the mold
5. Having fun!
https://thehackernews.com/2019/12/cybersecurity-for-programmers.html
New: Yet another incredibly frustrating WhatsApp crash 💥 bug could have let anyone crash-loop the app for all members of a group just by dropping a simple message.
Watch demo and read → https://thehackernews.com/2019/12/whatsapp-group-crash.html
Forcing all group members to re-install WhatsApp & lose chat history.
LifeLabs, the largest provider of healthcare laboratory testing services in Canada, suffered a massive data breach exposing personal & medical information of nearly 15 million customers.
https://thehackernews.com/2019/12/lifelabs-data-breach.html
The company said it paid a ransom to recover the stolen data from hackers.
👏 Bravo! Google today announced that it will offer upfront financial support for open-source projects, helping developers arrange additional resources to prioritize the cybersecurity of their software and services.
Read: https://thehackernews.com/2019/12/google-open-source-projects.html
Patch your Drupal websites.
Drupal updates released to patch 1 critical and 3 moderately critical vulnerabilities in the widely used CMS software.
Details: https://thehackernews.com/2019/12/drupal-website-hacking.html
➡️ Data Manipulation
➡️ Denial of Service
➡️ Security Restriction Bypass
➡️ Information Disclosure
* Warning *
If you used your credit or debit card to buy gas or snacks at any Wawa convenience store (over 700), anytime in the past 9 months, your payment card details may have been stolen by cybercriminals using PoS malware.
Read here: https://thehackernews.com/2019/12/wawa-store-hacking.html