Members of GozNym cybercrime network—who used a banking malware to steal nearly $100 million from thousands of people—have been sentenced to prison.

Details: https://thehackernews.com/2019/12/goznym-malware-sentenced.html

This hacking group was dismantled by Europol earlier this year.

22-year-old hacker—member of the 'Turkish Crime Family' group who in 2017 threatened #Apple to wipe out 319 million #iCloud accounts and tried to blackmail the company for $100,000 ransom—pleaded guilty and sentenced in London with no jail time.
https://thehackernews.com/2019/12/hacker-who-tried-to-blackmail-apple-for.html

Popular restaurant chain Landry's suffered POS #malware attack on its systems at more than 600 bars, restaurants, hotels, casinos, and beverage outlets that allowed attackers to steal payment card information of *undisclosed* number of its customers.
https://thehackernews.com/2020/01/landry-pos-malware-attack.html

A privacy bug in Xiaomi smart cameras connected to Google's Nest Hub mistakenly streamed surveillance footage of random users with other users.

For now, Google has temporarily disabled Xiaomi devices' access to its Nest Hub and Assistant.

Read more: https://t.co/PQhMx6SCjv

3 Malicious apps distributed via Google Play Store were exploiting a critical Android rooting flaw (CVE-2019-2215) almost 6 months before it was discovered that Israeli surveillance firm NSO Group used the flaw as zero-day
.

Read: https://thehackernews.com/2020/01/android-zero-day-malware-apps.html

{ New } Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS

Details + demo ➤ https://thehackernews.com/2020/01/hack-tiktok-account.html

Combining multiple flaws could allow remote attackers to:

✅ Delete/Add any video,
✅ Make private hidden videos public,
✅ Steal personal info.

Attention! Hackers actively exploiting a new critical 0-day bug (CVE-2019-17026) in Firefox that could let remote attackers take complete control over your computers just by tricking you into visiting a malicious site.

Read ➤ https://thehackernews.com/2020/01/firefox-cyberattack.html

Update your browser now!

Watch Out, SysAdmins!

Weaponized PoC exploits for critical RCE vulnerability (CVE-2019-19781) in Citrix ADC and Gateway products have been released to the public.

https://t.co/CPyzL9SBAr

— Over 125,400 publicly accessible Citrix servers,
— No patch available, just mitigation. https://t.co/7vnISlqbWN

Adobe releases its first 2020 Patch Tuesday updates to fix a total of 9 new security vulnerabilities in Adobe Experience Manager and Adobe Illustrator—5 of which are critical.

Read details: https://thehackernews.com/2020/01/adobe-software-updates.html

Install patches at your earliest convenience.

WARNING: Install Latest Windows 10 Updates Immediately!

Microsoft today released patches for a severe Windows CryptoAPI spoofing vulnerability (CVE-2020-0601) that was discovered by the National Security Agency (NSA).

Read more: https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html

Advanced Phishing Protection:

You can now turn your iPhone or iPad into a physical two-factor authentication security key for securely logging into your Google accounts.

Learn how to activate it ➤ https://thehackernews.com/2020/01/google-iphone-security-key.html

It's available to #Android users since last year.

Microsoft issues an advisory warning Windows users of a new zero-day vulnerability in IE web browser that attackers are actively exploiting in the wild — and there's no patch yet available for it.

https://thehackernews.com/2020/01/internet-explorer-zero-day-attack.html

Mitigation & workarounds released — Disable JScript.dll

A month after disclosing existence of a critical RCE vulnerability (CVE-2019-19781) in Citrix ADC & Gateway software—also under active ATTACKS—the company finally today released the 1st batch of security patches for versions 11.1 & 12.0

Read ➤ https://thehackernews.com/2020/01/citrix-adc-patch-update.html

Saudi crown prince Mohammed bin Salman 'allegedly' hacked the smartphone of the world's richest man Jeff Bezos by sending him a WhatsApp message containing a malicious video file, a forensic report claims.

https://thehackernews.com/2020/01/saudi-prince-allegedly-hacked-worlds.html

If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised.

Unprotected Database Exposed 250 Million Microsoft Customer Support Records Online

https://thehackernews.com/2020/01/microsoft-customer-support.html

⮜ Operation Night Fury ⮞

Interpol arrested 3 Magecart-style Indonesian hackers who compromised hundreds of International e-commerce websites and stole their users' payment card details by implanting JS-sniffers.

https://thehackernews.com/2020/01/indonesian-magecart-hackers.html

Great News! "Off-Facebook Activity" tool is now available to everyone.

Learn how to find which 3rd-party 'websites you visited' or 'apps you used' have shared your activity data with Facebook and also how to delete it.

Read: https://t.co/Pug6vnEjdP

CacheOut (CVE-2020-0549)

Researchers find a new speculative execution vulnerability in Intel CPUs that could let attackers leak targeted sensitive data from OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave.

Details: https://t.co/Rfo61umGx6

Researchers demonstrate how unwelcome guests could have found unique Zoom Meeting IDs & remotely eavesdrop on unprotected private sessions.

https://t.co/KgwQgQttqJ

Zoom now by default 'password protect' all meetings, and offers additional controls to prevent enumeration attack.

🔥 CVE-2020-7247


A new critical vulnerability in the OpenSMTPD mail daemon could let remote attackers take complete control over vulnerable OpenBSD and Linux based e-mail servers by sending specially crafted SMTP messages.


Read: https://thehackernews.com/2020/01/openbsd-opensmtpd-hacking.html


Patch & PoC released.

Researcher discloses details of two recently patched potentially dangerous flaws in Microsoft Azure that could have let hackers target several businesses running web and mobile apps on the cloud servers.


Read: https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html