Google's latest Android July 2019 security update patches 33 new vulnerabilities, the most critical of which resides in the Media framework that could allow remote attackers to execute arbitrary code on targeted devices using a specially crafted file

https://thehackernews.com/2019/07/android-security-update.html

China's border guards have been caught secretly installing a surveillance app—called Feng Cai (蜂采) or BXAQ—on the tourists' phones that instantly extracts texts messages, call records, contacts, more, and also scan the device for 73,000 objected files

https://thehackernews.com/2019/07/xinjiang-fengcai-spyware.html

D-Link has agreed to implement a "comprehensive software security" program and undergo 10 years of biennial security audits to settle FTC charges over the security of its routers & IP cameras, and negligence in patching reported vulnerabilities

https://thehackernews.com/2019/07/ftc-d-link-router-security.html

23-Year-Old DDoS Attacker Who Ruined Gamers' Christmas Gets 27 Months in Prison

Read more — https://thehackernews.com/2019/07/christmas-ddos-attacks.html

He has also been ordered to pay $95,000 in damages to Daybreak Games, previously known as Sony Online Entertainment.

Beware ➤ 17-Year-Old weakness in Firefox browser could allow downloaded HTML files to access other sensitive files stored on a victim's computer and send data back to remote attackers.

https://thehackernews.com/2019/07/firefox-same-origin-policy-hacking.html

Researcher successfully weaponized the issue and demonstrated PoC.

Official GitHub account of Canonical—the company behind Ubuntu Linux project—gets hacked.

Read more ➤ https://thehackernews.com/2019/07/canonical-ubuntu-github-hacked.html

British Airways Fined £183.39 Million Under #GDPR Over 2018 Data Breach

https://thehackernews.com/2019/07/british-airways-breach-gdpr-fine.html

BEWARE — If you use (popular) Zoom video conferencing software on your Mac computer, then any website you're visiting can turn on your WEBCAM without your permission.

Learn more ⮞ https://thehackernews.com/2019/07/webcam-hacking-video-conferencing.html

Details and PoC for a severe security flaw in Zoom app disclosed.

Watch Out! Microsoft Spotted Spike in Astaroth Fileless Malware Attacks

https://thehackernews.com/2019/07/astaroth-fileless-malware.html

Over 1,300 Android Apps Have Been Caught Using "Covert and Side-Channels" Techniques to Collect Your Data Even When You Deny Permissions, Including Device Location and Identifiers.

https://thehackernews.com/2019/07/android-permission-bypass.html

Severe Unpatched "Prototype Pollution" Vulnerability [CVE-2019-10744] Affects All Versions [Including Latest] of Popular Lodash Library

Details & PoC ➤ https://thehackernews.com/2019/07/lodash-prototype-pollution.html

Lodash a highly popular JavaScript library used by more than 4 million projects on GitHub alone.

July 2019 Patch Tuesday—Microsoft Releases Latest Security Updates

✅ 6 Flaws were disclosed publicly
✅ 2 Flaws found being actively exploited in the wild

Read More:
https://thehackernews.com/2019/07/microsoft-security-updates.html

Adobe releases latest #security bulletins of July 2019 that includes patches for:

✅ Adobe Bridge CC
✅ Adobe Experience Manager
✅ Adobe Dreamweaver

❌ No Flash Player
❌ No Acrobat Reader
❌ No Critical Flaws

Read more: https://blogs.adobe.com/psirt/?p=1765

Another Day, Another GDPR Fine

World's largest Hotel Chain "Marriott International" Faces $123 Million Fine Over Starwood #DataBreach That Exposed Personal Data of Nearly 339 Million Guests

https://thehackernews.com/2019/07/marriott-data-breach-gdpr.html

UK's ICO Recently Also Fined British Airways with £183 Million

😃 We've got some really exciting 🔥 news for you…

Hackers' 👩‍💻 Favorite Operating System Kali Linux Released for Raspberry Pi 4
Learn More ➤ https://thehackernews.com/2019/07/kali-linux-raspberry-pi-4.html

Researchers spotted new versions of the powerful government-grade surveillance malware — dubbed FinSpy — targeting iOS and Android users in Myanmar.

https://thehackernews.com/2019/07/finspy-spyware-android-ios.html

New ➤ In a massive supply-chain attack, Magecart credit-card hackers infected nearly 17,000 websites by modifying JavaScript files hosted on hundreds of misconfigured Amazon S3 Buckets.

Read: https://thehackernews.com/2019/07/magecart-amazon-s3-hacking.html

📢 Watch Out!

Researchers spotted a new malware that automatically replace legitimate popular Android apps⁠—⁠WhatsApp, JioTV, AppLock, HotStar, Flipkart, Truecaller—installed on your device with modified malicious versions of them.

Learn more: https://thehackernews.com/2019/07/whatsapp-android-malware.html

Learn how using a Cybersecurity Frameworks can help your organization become more focused on protecting its critical assets.https://thehackernews.com/2019/07/best-cybersecurity-frameworks.html

In case you missed it...

New ransomware targeting QNAP network-attached storage devices https://thehackernews.com/2019/07/ransomware-nas-devices.html

—Tips—

✅ Use Strong Passwords
✅ Enable Network Access Protection
✅ Enable System Connection Logs
✅ Disable Unrequired Services
✅ Disable "Searchable"