This is interesting...

Even a guest account on Windows can brute-force to crack password for any local account, including the administrator, through LogonUserW API because it offers unrestricted login attempts.

Here's a PoC tool: https://github.com/DarkCoderSc/win-brute-logon

A New Impersonation Vulnerability in Bluetooth Exposes Over A Billion Modern Devices to Hackers

Read details: https://thehackernews.com/2020/05/hacking-bluetooth-vulnerability.html

British airline EasyJet suffers a data breach exposing email address and travel details of over 9 million customers, including credit card details for a very few of them.

Read details: https://thehackernews.com/2020/05/easyjet-data-breach-hacking.html

Two unprotected AWS-hosted servers owned by the biggest Brazilian cosmetics company "Natura" exposed over 192 million records, containing personal information for 250,000 customers and payment account detail for at least 40,000 users.

Details: https://thehackernews.com/2020/05/natura-data-breach.html

Ukrainian police arrest a hacker who made headlines last year when he tried selling billions of stolen email addresses and plaintext passwords on various underground forums.

Read here — https://thehackernews.com/2020/05/ukrainian-hacker-arrested.html

Researchers uncovered an Iranian cyber espionage campaign targeting critical Aviation and Government infrastructures in Kuwait and Saudi Arabia.

Read more about Chafer APT hackers — https://thehackernews.com/2020/05/iran-hackers-kuwait.html

Hackers release Unc0ver 5.0.0 — the latest JAILBREAK tool that can unlock any iPhone and iPad using an UNPATCHED 0-day vulnerability, including those running the latest iOS 13.5 version.

Details here — https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html

<== New ==>

This variant of ComRAT backdoor now leverages Google's Gmail service to covertly receive commands and exfiltrate sensitive data from 'high-target' compromised computers.

Read details here: https://thehackernews.com/2020/05/gmail-malware-hacker.html

Strandhogg 2.0 !!!

A new critical vulnerability (CVE-2020-0096) affects over BILLION ANDROID devices that could let attackers hijack apps installed on targeted devices and steal users' BANKING and other log-in credentials.

Read to learn more:
https://thehackernews.com/2020/05/stranhogg-android-vulnerability.html

Researchers at Qihoo and China's Baidu disrupt a new 'Double Gun' botnet malware campaign that recently managed to infect hundreds of thousands of computers.

Read details: https://thehackernews.com/2020/05/chinese-botnet-malware.html

NEW ~~ Researchers uncovered the real identity of a hacktivist who defaced over 4800 Government and other websites in 40+ countries across the world—and is also a member of the 'Brazilian Cyber Army' hacking group.

Read details: https://thehackernews.com/2020/05/brazilian-hacker-vandathegod.html

A New Free Dark Web Monitoring Tool to Measure Your Exposure

Find Details Here: https://thehackernews.com/2020/05/dark-web-monitoring-tool.html

Exclusive – Any MitronApp Account Can Be Hacked in Seconds.

Learn how ➤ https://thehackernews.com/2020/05/titok-mitron-app-hacking.html

The viral TikTok alternative, with over 5 million installations within just 1 month, contains an UNPATCHED auth bypass vulnerability.

It's also untrusted, don't use it.

💪 DABANGG, a fearless attack!

Indian IIT researchers demonstrate a new noise-resilient technique that makes Flush-based Cache attacks more effective against modern Intel and AMD processors.

Read details & watch demos — https://thehackernews.com/2020/05/noise-resilient-flush-attack.html

⚡ A highly critical vulnerability affecting Apple's 'Sign in with Apple' feature could have let attackers hack into anyone's account on 3rd-party service or apps.


Read details here ➤ https://thehackernews.com/2020/05/sign-in-with-apple-hacking.html

Apple paid researcher a whopping $100,000 bug bounty for this flaw.

Joomla Resources Directory (JRD) portal has suffered a data breach affecting thousands of accounts.

https://thehackernews.com/2020/06/joomla-data-breach.html

Affected web developers and service providers are advised to immediately change their passwords.

{NEW} Researchers disclose details + PoC for a critical vulnerability (CVE-2020-3956) in VMware's Cloud Director platform that could let attackers compromise private clouds within an entire infrastructure and access to sensitive information.

https://thehackernews.com/2020/06/vmware-cloud-director-exploit.html

A set of 6 newly patched critical vulnerabilities uncovered in SAP's Sybase ASE database software could grant unprivileged attackers complete control over enterprise databases and the underlying systems.

Details — https://thehackernews.com/2020/06/newly-patched-sap-ase-flaws-could-let.html

IMPORTANT — Make sure you are running the latest version of Zoom video conferencing app on your Windows, macOS or Linux computers.

Two recently patched critical flaws in Zoom could let attackers hack PCs remotely by sending messages via chat.

https://thehackernews.com/2020/06/zoom-video-software-hacking.html

Along with the set of a new malware arsenal used by Chinese hackers targeting south Asian countries, researchers spotted a never-seen-before espionage tool—called USBCulprit—that aims to steal data from air-gapped computers.

https://thehackernews.com/2020/06/air-gap-malware-usbculprit.html

Any user account on the 'secure' Digilocker service (by Indian Government) could have been accessed with an OPT / Password due to a now-patched critical flaw, allowing attackers to steal sensitive documents stored on it.

Details: https://thehackernews.com/2020/06/aadhar-digilocker-hacked.html