WARNING: Install Latest Windows 10 Updates Immediately!
Microsoft today released patches for a severe Windows CryptoAPI spoofing vulnerability (CVE-2020-0601) that was discovered by the National Security Agency (NSA).
Read more: https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html
Microsoft today released patches for a severe Windows CryptoAPI spoofing vulnerability (CVE-2020-0601) that was discovered by the National Security Agency (NSA).
Read more: https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html
Advanced Phishing Protection:
You can now turn your iPhone or iPad into a physical two-factor authentication security key for securely logging into your Google accounts.
Learn how to activate it ➤ https://thehackernews.com/2020/01/google-iphone-security-key.html
It's available to #Android users since last year.
You can now turn your iPhone or iPad into a physical two-factor authentication security key for securely logging into your Google accounts.
Learn how to activate it ➤ https://thehackernews.com/2020/01/google-iphone-security-key.html
It's available to #Android users since last year.
Microsoft issues an advisory warning Windows users of a new zero-day vulnerability in IE web browser that attackers are actively exploiting in the wild — and there's no patch yet available for it.
https://thehackernews.com/2020/01/internet-explorer-zero-day-attack.html
Mitigation & workarounds released — Disable JScript.dll
https://thehackernews.com/2020/01/internet-explorer-zero-day-attack.html
Mitigation & workarounds released — Disable JScript.dll
A month after disclosing existence of a critical RCE vulnerability (CVE-2019-19781) in Citrix ADC & Gateway software—also under active ATTACKS—the company finally today released the 1st batch of security patches for versions 11.1 & 12.0
Read ➤ https://thehackernews.com/2020/01/citrix-adc-patch-update.html
Read ➤ https://thehackernews.com/2020/01/citrix-adc-patch-update.html
👍1
Saudi crown prince Mohammed bin Salman 'allegedly' hacked the smartphone of the world's richest man Jeff Bezos by sending him a WhatsApp message containing a malicious video file, a forensic report claims.
https://thehackernews.com/2020/01/saudi-prince-allegedly-hacked-worlds.html
https://thehackernews.com/2020/01/saudi-prince-allegedly-hacked-worlds.html
If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised.
Unprotected Database Exposed 250 Million Microsoft Customer Support Records Online
https://thehackernews.com/2020/01/microsoft-customer-support.html
Unprotected Database Exposed 250 Million Microsoft Customer Support Records Online
https://thehackernews.com/2020/01/microsoft-customer-support.html
⮜ Operation Night Fury ⮞
Interpol arrested 3 Magecart-style Indonesian hackers who compromised hundreds of International e-commerce websites and stole their users' payment card details by implanting JS-sniffers.
https://thehackernews.com/2020/01/indonesian-magecart-hackers.html
Interpol arrested 3 Magecart-style Indonesian hackers who compromised hundreds of International e-commerce websites and stole their users' payment card details by implanting JS-sniffers.
https://thehackernews.com/2020/01/indonesian-magecart-hackers.html
Great News! "Off-Facebook Activity" tool is now available to everyone.
Learn how to find which 3rd-party 'websites you visited' or 'apps you used' have shared your activity data with Facebook and also how to delete it.
Read: https://t.co/Pug6vnEjdP
Learn how to find which 3rd-party 'websites you visited' or 'apps you used' have shared your activity data with Facebook and also how to delete it.
Read: https://t.co/Pug6vnEjdP
CacheOut (CVE-2020-0549)
Researchers find a new speculative execution vulnerability in Intel CPUs that could let attackers leak targeted sensitive data from OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave.
Details: https://t.co/Rfo61umGx6
Researchers find a new speculative execution vulnerability in Intel CPUs that could let attackers leak targeted sensitive data from OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave.
Details: https://t.co/Rfo61umGx6
Researchers demonstrate how unwelcome guests could have found unique Zoom Meeting IDs & remotely eavesdrop on unprotected private sessions.
https://t.co/KgwQgQttqJ
Zoom now by default 'password protect' all meetings, and offers additional controls to prevent enumeration attack.
https://t.co/KgwQgQttqJ
Zoom now by default 'password protect' all meetings, and offers additional controls to prevent enumeration attack.
🔥 CVE-2020-7247
A new critical vulnerability in the OpenSMTPD mail daemon could let remote attackers take complete control over vulnerable OpenBSD and Linux based e-mail servers by sending specially crafted SMTP messages.
Read: https://thehackernews.com/2020/01/openbsd-opensmtpd-hacking.html
Patch & PoC released.
A new critical vulnerability in the OpenSMTPD mail daemon could let remote attackers take complete control over vulnerable OpenBSD and Linux based e-mail servers by sending specially crafted SMTP messages.
Read: https://thehackernews.com/2020/01/openbsd-opensmtpd-hacking.html
Patch & PoC released.
Researcher discloses details of two recently patched potentially dangerous flaws in Microsoft Azure that could have let hackers target several businesses running web and mobile apps on the cloud servers.
Read: https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html
Read: https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html
Yet Another Sudo Vulnerability!
When 'pwfeedback' is enabled, a new Sudo bug could let low privileged Linux & macOS users (or malicious programs) execute arbitrary commands with 'root' privileges.
Details for CVE-2019-18634 ➤ https://thehackernews.com/2020/02/sudo-linux-vulnerability.html
When 'pwfeedback' is enabled, a new Sudo bug could let low privileged Linux & macOS users (or malicious programs) execute arbitrary commands with 'root' privileges.
Details for CVE-2019-18634 ➤ https://thehackernews.com/2020/02/sudo-linux-vulnerability.html
👍1
Twitter warns hackers exploited an API bug on its platform to inappropriately match and learn linked phone numbers of millions of users.
https://thehackernews.com/2020/02/find-twitter-phone-number.html
Based on IP addresses engaged in the attack, Twitter believes some of them may have ties to state-sponsored actors.
https://thehackernews.com/2020/02/find-twitter-phone-number.html
Based on IP addresses engaged in the attack, Twitter believes some of them may have ties to state-sponsored actors.
A 'technical error' in Google Takeout service accidentally shared private videos (uploaded to Google Photos) of some users with other accounts.
https://thehackernews.com/2020/02/google-photos-videos.html
Google admitted the latest privacy mishap yesterday in a security alert sent quietly to affected users.
https://thehackernews.com/2020/02/google-photos-videos.html
Google admitted the latest privacy mishap yesterday in a security alert sent quietly to affected users.
🔥 CVE-2019-18426
WhatsApp for Web and Desktop contained multiple vulnerabilities, which, when combined together, could have even allowed remote attackers to read files from a victim's local file-system just by sending messages.
Read details: https://thehackernews.com/2020/02/hack-whatsapp-web.html
WhatsApp for Web and Desktop contained multiple vulnerabilities, which, when combined together, could have even allowed remote attackers to read files from a victim's local file-system just by sending messages.
Read details: https://thehackernews.com/2020/02/hack-whatsapp-web.html
A new security flaw (CVE-2020-6007) in Philips Smart Light Bulbs 💡 could let remote attackers gain access to your entire WiFi network (over-the-air without cracking password) & launch further attacks against other devices connected to the same.
Details: https://thehackernews.com/2020/02/philips-smart-light-bulb-hacking.html
Details: https://thehackernews.com/2020/02/philips-smart-light-bulb-hacking.html
The Hacker News
Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers
A new Zigbee vulnerability in Philips Hue Smart Light Bulbs could exposes your other devices connected to the same WiFi network at the risk of hacking.
Interesting! Researchers demonstrated a new clever technique to covertly exfiltrate sensitive data from a targeted Air-Gapped computer using the brightness of an LCD screen.
Read details: https://thehackernews.com/2020/02/hacking-air-gapped-computers.html
Read details: https://thehackernews.com/2020/02/hacking-air-gapped-computers.html
5 new high-impact vulnerabilities in Cisco discovery protocol expose tens of millions of enterprise-grade routers, switches, IP phones and cameras to hackers.
Details: https://thehackernews.com/2020/02/cisco-cdp-vulnerabilities.html
Collectively dubbed ‘CDPwn,’ 4 out of 5 issues lead to Remote Code Execution attacks.
Details: https://thehackernews.com/2020/02/cisco-cdp-vulnerabilities.html
Collectively dubbed ‘CDPwn,’ 4 out of 5 issues lead to Remote Code Execution attacks.
BREAKING: U.S. Department of Justice today announced charges against 4 Chinese military hackers who were allegedly involved in hacking into the Equifax credit reporting agency and stealing personal & financial data of nearly 150 million Americans.
Read: https://thehackernews.com/2020/02/equifax-chinese-military-hackers.html
Read: https://thehackernews.com/2020/02/equifax-chinese-military-hackers.html
A security loophole on the website of a voting management app used by the ruling party in Israel leaked personal data of all 6.5 million Israeli voters―just 3 weeks before the country is going to have a legislative election.
Read more: https://thehackernews.com/2020/02/Israeli-voter-data-leaked.html
Read more: https://thehackernews.com/2020/02/Israeli-voter-data-leaked.html