The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
Researchers discover a new rapidly evolving, rootkit-enabled multifunctional spyware—dubbed SCRANOS—that can steal browser history, cookies, passwords and payment accounts from various services, inject ads, and download new payloads

Read: https://thehackernews.com/2019/04/scranos-rootkit-spyware.html
Google introduces plans to make it tougher for rogue/malware #Android app developers to get back on its Play Store.

https://thehackernews.com/2019/04/android-google-play-store.html

...apparently, a less painful, transparent, but strict and detailed app review process for 1st-time developers.
BREAKING — JustDial, India's Largest Local Search Service, Has Been Found Exposing Over 100 Million Users' Personal Data On the Internet.

https://thehackernews.com/2019/04/justdial-hacked-data-breach.html
Researcher took control over a Microsoft-owned subdomain—associated with its "Windows 8 Live Tiles" feature—by exploiting a weakness in Azure Cloud Service & used it to show how hackers could have pushed malicious content to Windows users

https://thehackernews.com/2019/04/subdomain-microsoft-azure.html
Drupal Releases Core CMS Updates to Patch Several "Moderately Critical" Security Vulnerabilities

https://thehackernews.com/2019/04/drupal-security-update.html
Remember when Facebook was recently caught asking its users for their email account passwords?

Facebook today admitted that it "unintentionally" used access to 1.5 million users' email accounts and collected their contacts without users' knowledge and consent.

Read more: https://thehackernews.com/2019/04/facebook-email-database.html
Facebook stored millions of Instagram users' passwords in plaintext, not "tens of thousands" of users, a quietly added update to the company's blog post from last month revealed today.

https://thehackernews.com/2019/04/instagram-password-plaintext.html
A researcher found the full source code for the CARBANAK banking malware—yes, this time for real—and some of its previously unseen plugins on VirusTotal, where they were uploaded two years ago but went unnoticed.

https://thehackernews.com/2019/04/carbanak-malware-source-code.html

by @security_wang
Watch out! Hackers have started exploiting two recently disclosed critical flaws in the 'Social Warfare' plugin for #WordPress.

https://thehackernews.com/2019/04/wordpress-plugin-hacking.html

Although a patched version has been available for a month now, thousands of WordPress sites are still using an older version.
'Karkoff' Is the New 'DNSpionage' With Selective Targeting Strategy

https://thehackernews.com/2019/04/karkoff-dnspionage-malware.html

Attackers have launched a new malware campaign that first performs reconnaissance on its victims and then chooses which targets to infect with the new malware.
Top U.S. lawmakers have sent an open letter to Google CEO Sundar Pichai asking him to answer 10 important questions about Google's Sensorvault location tracking database

https://thehackernews.com/2019/04/google-location-database.html
Whoops! Facebook's 1st quarter 2019 earnings report reveals that the company is expecting a "record-setting" fine of up to $5 BILLION from the FTC over its mishandling of users' data and #privacy violations in the Cambridge Analytica scandal.

https://thehackernews.com/2019/04/facebook-ftc-fine-privacy.html
'Highly Critical' Unpatched Zero-Day RCE Flaw Discovered in Oracle WebLogic Servers

Read More ⮞ https://thehackernews.com/2019/04/oracle-weblogic-hacking.html
[Important] An unpatched arbitrary file upload #vulnerability in a popular WordPress WooCommerce extension—WooCommerce Checkout Manager—has been disclosed publicly that could allow unauthenticated attackers to compromise more than 60,000 e-Commerce sites

https://thehackernews.com/2019/04/wordpress-woocommerce-security.html
New York AG, Canada and Ireland have launched 3 new separate investigations into Facebook’s latest privacy blunders

https://thehackernews.com/2019/04/facebook-privacy-investigation.html

The $5 billion fine seems to be just the 1st installment of what Facebook has to pay for continuously ignoring users' privacy
#Docker Hub suffers a data breach,
Exposes sensitive information of 190,000 users,
Users should reset passwords,
GitHub tokens and access keys have been revoked,
Check your GitHub / BitBucket repos for unauthorised access,

https://thehackernews.com/2019/04/docker-hub-data-breach.html
Unsecured Database Exposes Personal Info of 80 Million American Households

https://thehackernews.com/2019/04/america-personal-data.html
Rapidly Growing Electrum DDoS Botnet Infects Over 152,000 Bitcoin Users, and Steals Nearly $4.6 Million in Cryptocurrencies

https://thehackernews.com/2019/04/electrum-bitcoin-wallet-botnet.html
Over a Dozen Widely-Used Email Clients Found Vulnerable to Various OpenPGP and S/MIME Email Signature Spoofing Attacks

Read https://thehackernews.com/2019/04/email-signature-spoofing.html

Affected clients [for Windows, Linux, macOS, iOS, Android] include Thunderbird, Outlook, Apple Mail, Trojitá, Airmail
Hackers Found Exploiting Recently Patched Oracle WebLogic RCE Flaw to Infect Still-Vulnerable Servers with "Sodinokibi" and GandCrab Ransomware

https://thehackernews.com/2019/05/ransomware-oracle-weblogic.html