👏 Bravo! Google today announced that it will offer upfront financial support for open-source projects, helping developers arrange additional resources to prioritize the cybersecurity of their software and services.
Read: https://thehackernews.com/2019/12/google-open-source-projects.html
Patch your Drupal websites.
Drupal updates released to patch 1 critical and 3 moderately critical vulnerabilities in the widely used CMS software.
Details: https://thehackernews.com/2019/12/drupal-website-hacking.html
➡️ Data Manipulation
➡️ Denial of Service
➡️ Security Restriction Bypass
➡️ Information Disclosure
* Warning *
If you used your credit or debit card to buy gas or snacks at any Wawa convenience store (over 700), anytime in the past 9 months, your payment card details may have been stolen by cybercriminals using PoS malware.
Read here: https://thehackernews.com/2019/12/wawa-store-hacking.html
🎉 Great news for hackers!
 
Apple finally opens its invite-only ‘Bug Bounty Program’ to all researchers with increased payouts up to $1.5 million, rewarding them for responsibly reporting security vulnerabilities in the latest publicly available versions of iOS, macOS, watchOS, tvOS, iPadOS, and iCloud, and, where relevant, on the latest publicly available hardware.
 
https://thehackernews.com/2019/12/apple-bug-bounty-program.html
Members of the GozNym cybercrime network—who used banking malware to steal nearly $100 million from thousands of people—have been sentenced to prison.
Details: https://thehackernews.com/2019/12/goznym-malware-sentenced.html
This hacking group was dismantled by Europol earlier this year.
A 22-year-old hacker—a member of the 'Turkish Crime Family' group who in 2017 threatened #Apple to wipe out 319 million #iCloud accounts and tried to blackmail the company for a $100,000 ransom—pleaded guilty and was sentenced in London with no jail time.
https://thehackernews.com/2019/12/hacker-who-tried-to-blackmail-apple-for.html
Popular restaurant chain Landry's suffered a POS #malware attack on its systems at more than 600 bars, restaurants, hotels, casinos, and beverage outlets that allowed attackers to steal payment card information of an *undisclosed* number of its customers.
https://thehackernews.com/2020/01/landry-pos-malware-attack.html
A privacy bug in Xiaomi smart cameras connected to Google's Nest Hub mistakenly streamed surveillance footage of random users to other users.
For now, Google has temporarily disabled Xiaomi devices' access to its Nest Hub and Assistant.
Read more: https://t.co/PQhMx6SCjv
3 malicious apps distributed via Google Play Store were exploiting a critical Android rooting flaw (CVE-2019-2215) almost 6 months before it was discovered that Israeli surveillance firm NSO Group used the flaw as a zero-day.
Read: https://thehackernews.com/2020/01/android-zero-day-malware-apps.html
{ New } Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS
Details + demo ➤ https://thehackernews.com/2020/01/hack-tiktok-account.html
Combining multiple flaws could allow remote attackers to:
✅ Delete/Add any video,
✅ Make private hidden videos public,
✅ Steal personal info.
Attention! Hackers actively exploiting a new critical 0-day bug (CVE-2019-17026) in Firefox that could let remote attackers take complete control over your computers just by tricking you into visiting a malicious site.
Read ➤ https://thehackernews.com/2020/01/firefox-cyberattack.html
Update your browser now!
Watch Out, SysAdmins!
Weaponized PoC exploits for critical RCE vulnerability (CVE-2019-19781) in Citrix ADC and Gateway products have been released to the public.
https://t.co/CPyzL9SBAr
— Over 125,400 publicly accessible Citrix servers,
— No patch available, just mitigation. https://t.co/7vnISlqbWN
Adobe releases its first 2020 Patch Tuesday updates to fix a total of 9 new security vulnerabilities in Adobe Experience Manager and Adobe Illustrator—5 of which are critical.
Read details: https://thehackernews.com/2020/01/adobe-software-updates.html
Install patches at your earliest convenience.
WARNING: Install Latest Windows 10 Updates Immediately!
Microsoft today released patches for a severe Windows CryptoAPI spoofing vulnerability (CVE-2020-0601) that was discovered by the National Security Agency (NSA).
Read more: https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html
Advanced Phishing Protection:
You can now turn your iPhone or iPad into a physical two-factor authentication security key for securely logging into your Google accounts.
 
Learn how to activate it ➤ https://thehackernews.com/2020/01/google-iphone-security-key.html
It has been available to #Android users since last year.
Microsoft issues an advisory warning Windows users of a new zero-day vulnerability in IE web browser that attackers are actively exploiting in the wild — and there's no patch yet available for it.
 
https://thehackernews.com/2020/01/internet-explorer-zero-day-attack.html
Mitigation & workarounds released — Disable JScript.dll
A month after disclosing the existence of a critical RCE vulnerability (CVE-2019-19781) in Citrix ADC & Gateway software—also under active ATTACKS—the company finally today released the 1st batch of security patches for versions 11.1 & 12.0.
Read ➤ https://thehackernews.com/2020/01/citrix-adc-patch-update.html
Saudi crown prince Mohammed bin Salman 'allegedly' hacked the smartphone of the world's richest man Jeff Bezos by sending him a WhatsApp message containing a malicious video file, a forensic report claims.
https://thehackernews.com/2020/01/saudi-prince-allegedly-hacked-worlds.html
If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised.
 
Unprotected Database Exposed 250 Million Microsoft Customer Support Records Online
 
https://thehackernews.com/2020/01/microsoft-customer-support.html