⚠️ WARNING !!!

It's possible to hack iPhones / iPads just by sending an email to targeted users.

Hackers have been exploiting critical 0-click + 0-day RCE vulnerability in the default mail app installed on millions of Apple devices.

Details — https://thehackernews.com/2020/04/zero-day-warning-its-possible-to-hack.html

(NEW) Chinese hackers found using a new iPhone hack to target Uyghurs Muslims with an iOS spyware program—capable of stealing contacts, location data, and plaintext messages from secure messaging and email clients, including Signal and ProtonMail.

https://thehackernews.com/2020/04/iphone-zero-day-exploit.html

Hackers behind a recent BEC attack tricked 3 British Private Equity firms into wire-transferring them $1.3 million — while the victimized executives thought they closed an investment deal with some startups.

Details: https://thehackernews.com/2020/04/bec-scam-wire-transfer-money.html

Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet

Read Details — https://thehackernews.com/2020/04/usb-drive-botnet-malware.html

Wormable BUG!

Just by sending an innocent-looking image, remote attackers could've taken over an organization's entire roster of 'Microsoft Teams' accounts. (Patch Released)

Read details — https://thehackernews.com/2020/04/microsoft-teams-vulnerability.html

Nowhere to hide!

Researchers uncover a potential new method of profiling users in the crowd by de-anonymizing their smart device IDs (e.g., MAC addresses) to their biometrics (e.g., face, voice, gait).

Details ➤ https://thehackernews.com/2020/04/deanonymize-device-biometrics.html

</> Patch 'em all </>

Adobe today released security patches for over a dozen newly-discovered critical vulnerabilities affecting 3 of its popular software:

✅ Magento CMS
✅ Adobe Illustrator
✅ Adobe Bridge

Read details — https://thehackernews.com/2020/04/adobe-software-updates.html

During COVID19 pandemic, where many organizations & universities are embracing online learning, researchers discover multiple critical vulnerabilities in 3 widely-used Learning Management System (LMS) plugins for #WordPress sites.

Read more — https://thehackernews.com/2020/04/wordpress-lms-plugins.html

EventBot — A new Android malware spotted in-the-wild steals infected users' BANKING passwords, exfiltrate private DATA, and capture KEYSTROKES to spy on accounts and the content of other apps installed on the targeted devices.

Read: https://thehackernews.com/2020/04/android-banking-keylogger.html

🔥 WARNING — Here’s a new CVSS 10 Bug.

A newly disclosed critical SaltStack RCE (as root) vulnerability (CVE-2020-11651) affects thousands of servers (~6000) deployed in data centers and cloud environments.

Read details — https://thehackernews.com/2020/05/saltstack-rce-vulnerability.html

WARNING — Just within a day after public disclosure of SaltStack RCE vulnerability (CVE-2020-11651), hackers have started exploiting unpatched servers.

✅ LineageOS [hacked]
✅ Ghost CMS [hacked]
✅ DigiCert [hacked]

Read more: https://thehackernews.com/2020/05/saltstack-rce-exploit.html

Now this 👇 is Interesting!

A researcher demonstrated a malware that jumps air-gapped — also audio gapped — devices (PC, servers, IoT, embedded devices) by turning their power-supplies into out-of-band speakers.

Read details + watch demo ➤
https://thehackernews.com/2020/05/air-gap-malware-power-speaker.html

Attention Xiaomi Users!

You Should immediately change the newly introduced PRIVACY setting in your Mi/Mi Pro and Mint browsers to prevent the company from spying on your web history and online activities when browsing in INCOGNITO mode.

Read details:
https://thehackernews.com/2020/05/xiaomi-browser-history.html

{new} 🔥 Watch Out Enterprises!

Citrix ShareFile platform contains critical vulnerabilities that could let unauthenticated attackers steal proprietary, sensitive business data from on-premise storage zone controllers.

Details — https://thehackernews.com/2020/05/citrix-sharefile-vulnerability.html

Facebook launches 'Discover,' a new, yet another, free Internet service in partnership with mobile carriers across the world.

Unlike previous projects, Discover:

✅ Treats all websites equally,
✅ Accesses sites through a secure web proxy,
✅ Lets users browse text-based sites.

Read details:
https://thehackernews.com/2020/05/facebook-discover-free-internet.html

A Chinese APT group has recently been spotted targeting government entities in the Asia-Pacific region as part of a stealthy cyber-espionage campaign that went undetected for the last 5 years.

Read details ➤ https://thehackernews.com/2020/05/asia-pacific-cyber-espionage.html

Digital Ocean — one of the largest modern web hosting companies — recently suffered a data leak incident that exposed some of its customers' data to unauthorized third parties, at least 15 times.

Read more: https://thehackernews.com/2020/05/digitalocean-data-breach.html

⚡ ThunderSpy 🕵️‍♂️

7 new unpatchable hardware vulnerabilities affect all Thunderbolt-equipped computers sold in the last 9 years, letting attackers steal data from encrypted systems—when locked or in sleep mode—through 'evil maid' scenarios.

Read: https://thehackernews.com/2020/05/thunderbolt-vulnerabilities.html

Watch Out !!!

If you are running a vBulletin forum website, make sure to install a newly issued security patch update that fixes an undisclosed critical vulnerability (CVE-2020-12720) in the popular forum software.

Read here: https://thehackernews.com/2020/05/vBulletin-access-vulnerability.html

Over 4000 Android apps are 'unknowingly' leaking sensitive information on their millions of users through misconfigured (publicly accessible) Google cloud-hosted Firebase databases, a recent assessment of just 15,000 apps revealed.

Read details: https://thehackernews.com/2020/05/android-firebase-database-security.html

Kali Linux version 2020.2 has been released with:

✅ KDE Plasma Makeover & Login
✅ PowerShell by Default
✅ Kali on ARM Improvements
✅ Lessons From The Installer Changes
✅ New Key Packages & Icons
✅ Behind the Scenes, Infrastructure Improvements

https://twitter.com/TheHackersNews/status/1260254183644487680