Facebook has sued a Chinese advertising company for abusing its platform to:

➡️ distribute malware,
➡️ compromising its users, and
➡️ then using those hacked accounts to run deceptive Facebook ads to promote counterfeit goods and diet pills.

https://thehackernews.com/2019/12/facebook-account-hacking.html

Important 👉 A new unpatched #vulnerability (CVE-2019-14899) could let network attackers hijack encrypted VPN connections.

Most Linux and Unix-like operating systems are vulnerable, including Ubuntu, Debian, OpenBSD, macOS, iOS, and Android.

https://thehackernews.com/2019/12/linux-vpn-hacking.html

A new variant of Snatch ransomware in the wild now first reboots infected Windows computers in "Safe Mode" and then starts encrypting files to bypass antivirus and avoid detection.

Read details ➤ https://thehackernews.com/2019/12/snatch-ransomware-safe-mode.html

Attention Windows Users!

You should immediately install the latest Microsoft December 2019 updates to patch a total of 36 new vulnerabilities, including a Windows 0-Day exploit that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers.

https://thehackernews.com/2019/12/windows-zero-day-patch.html

PlunderVolt ⚡ CVE-2019-11157

Researchers demonstrated a new novel technique that could allow attackers to compromise the integrity of Intel SGX technology on modern processors by tweaking the CPU’s voltage, resulting in easy retrieval sensitive data protected by hardware-isolated SGX enclaves.

Details: https://thehackernews.com/2019/12/intel-sgx-voltage-attack.html

BREAKING: Russian police raided the Moscow-based offices of NGINX — the company behind the world's second most popular web server software — and conducted searches, detained several of their employees, including the creator of Nginx and another co-founder of the company.

https://thehackernews.com/2019/12/nginx-copyright-rumbler.html

A Russian company, named Rambler, claims to own the copyright of the software (which by the way has now been sold to F5 for $670 million) as the creator of Nginx started working on the project while he was working as a system administrator for the company 15 years ago.

🚨 Watch Out!

A new critical login bypass vulnerability has been discovered in 2 widely installed add-ons for Elementor and Beaver builder that attackers are actively exploiting in the wild to install secret backdoors into WordPress sites.

https://thehackernews.com/2019/12/wordpress-elementor-beaver.html

5 Reasons Why Programmers Should Think like Hackers:

1. Incomparable tenacity
2. Doing instead of reading and traditional learning
3. Anticipating potential security breaches
4. Creative thinking and willingness to break out of the mold
5. Having fun!

https://thehackernews.com/2019/12/cybersecurity-for-programmers.html

New: Yet another incredibly frustrating WhatsApp crash 💥 bug could have let anyone crash-loop the app for all members of a group just by dropping a simple message.

Watch demo and read → https://thehackernews.com/2019/12/whatsapp-group-crash.html

Forcing all group members to re-install WhatsApp & loose chat history.

LifeLabs, the largest provider of healthcare laboratory testing services in Canada, suffered a massive data breach exposing personal & medical information of nearly 15 million customers.

https://thehackernews.com/2019/12/lifelabs-data-breach.html

Company said it paid ransom to recover stolen data from hackers.

👏 Bravo! Google today announced to offer upfront financial support for open-source projects, helping developers to arrange additional resources to prioritize cybersecurity of their software and services.

Read: https://thehackernews.com/2019/12/google-open-source-projects.html

Patch your Drupal websites.

Drupal updates released to patch 1 critical and 3 moderately critical vulnerabilities in the widely used CMS software.

Details: https://thehackernews.com/2019/12/drupal-website-hacking.html

➡️ Data Manipulation
➡️ Denial of Service
➡️ Security Restriction Bypass
➡️ Information Disclosure

* Warning *

If you used your credit or debit card to buy gas or snacks at any Wawa convenience store (over 700), anytime in the past 9 months, your payment card details may have been stolen by cybercriminals using PoS malware.

Read here: https://thehackernews.com/2019/12/wawa-store-hacking.html

🎉 Great news for hackers!

Apple finally opens its invite-only ‘Bug Bounty Program’ to all researchers with increased payouts up to $1.5 million, rewarding for responsibly reporting security vulnerabilities in the latest publicly available versions of iOS, macOS, watchOS, tvOS, iPadOS, and iCloud, and, where relevant, on the latest publicly available hardware.

https://thehackernews.com/2019/12/apple-bug-bounty-program.html

Read more: https://twitter.com/TheHackersNews/status/1208066145326026753

Members of GozNym cybercrime network—who used a banking malware to steal nearly $100 million from thousands of people—have been sentenced to prison.

Details: https://thehackernews.com/2019/12/goznym-malware-sentenced.html

This hacking group was dismantled by Europol earlier this year.

22-year-old hacker—member of the 'Turkish Crime Family' group who in 2017 threatened #Apple to wipe out 319 million #iCloud accounts and tried to blackmail the company for $100,000 ransom—pleaded guilty and sentenced in London with no jail time.
https://thehackernews.com/2019/12/hacker-who-tried-to-blackmail-apple-for.html

Popular restaurant chain Landry's suffered POS #malware attack on its systems at more than 600 bars, restaurants, hotels, casinos, and beverage outlets that allowed attackers to steal payment card information of *undisclosed* number of its customers.
https://thehackernews.com/2020/01/landry-pos-malware-attack.html

A privacy bug in Xiaomi smart cameras connected to Google's Nest Hub mistakenly streamed surveillance footage of random users with other users.

For now, Google has temporarily disabled Xiaomi devices' access to its Nest Hub and Assistant.

Read more: https://t.co/PQhMx6SCjv

3 Malicious apps distributed via Google Play Store were exploiting a critical Android rooting flaw (CVE-2019-2215) almost 6 months before it was discovered that Israeli surveillance firm NSO Group used the flaw as zero-day
.

Read: https://thehackernews.com/2020/01/android-zero-day-malware-apps.html