July 2019 Patch Tuesday—Microsoft Releases Latest Security Updates
✅ 6 Flaws were disclosed publicly
✅ 2 Flaws found being actively exploited in the wild
Read More:
https://thehackernews.com/2019/07/microsoft-security-updates.html
Adobe releases its latest #security bulletins for July 2019, which include patches for:
✅ Adobe Bridge CC
✅ Adobe Experience Manager
✅ Adobe Dreamweaver
❌ No Flash Player
❌ No Acrobat Reader
❌ No Critical Flaws
Read more: https://blogs.adobe.com/psirt/?p=1765
Another Day, Another GDPR Fine
World's largest Hotel Chain "Marriott International" Faces $123 Million Fine Over Starwood #DataBreach That Exposed Personal Data of Nearly 339 Million Guests
https://thehackernews.com/2019/07/marriott-data-breach-gdpr.html
UK's ICO Recently Also Fined British Airways with £183 Million
😃 We've got some really exciting 🔥 news for you…
Hackers' 👩💻 Favorite Operating System Kali Linux Released for Raspberry Pi 4
Learn More ➤ https://thehackernews.com/2019/07/kali-linux-raspberry-pi-4.html
Researchers spotted new versions of the powerful government-grade surveillance malware — dubbed FinSpy — targeting iOS and Android users in Myanmar.
https://thehackernews.com/2019/07/finspy-spyware-android-ios.html
New ➤ In a massive supply-chain attack, Magecart credit-card hackers infected nearly 17,000 websites by modifying JavaScript files hosted on hundreds of misconfigured Amazon S3 Buckets.
Read: https://thehackernews.com/2019/07/magecart-amazon-s3-hacking.html
📢 Watch Out!
Researchers spotted new malware that automatically replaces legitimate popular Android apps—WhatsApp, JioTV, AppLock, HotStar, Flipkart, Truecaller—installed on your device with modified malicious versions of them.
Learn more: https://thehackernews.com/2019/07/whatsapp-android-malware.html
Learn how using a cybersecurity framework can help your organization become more focused on protecting its critical assets. https://thehackernews.com/2019/07/best-cybersecurity-frameworks.html
In case you missed it...
New ransomware targeting QNAP network-attached storage devices https://thehackernews.com/2019/07/ransomware-nas-devices.html
—Tips—
✅ Use Strong Passwords
✅ Enable Network Access Protection
✅ Enable System Connection Logs
✅ Disable Unrequired Services
✅ Disable "Searchable"
Facebook to Pay Record $5 Billion Fine to Settle FTC’s Privacy Investigation Into Cambridge Analytica Scandal
Read More: https://thehackernews.com/2019/07/facebook-data-privacy-ftc.html
Mozilla releases Grizzly, a cross-platform browser fuzzing framework designed to allow fuzzer developers to focus solely on writing fuzzers and not worry about the overhead of creating tools and scripts
https://github.com/MozillaSecurity/grizzly
Linux, macOS and Windows are supported
📢 PoC Confirmed : CVE-2019-13567
Besides the video privacy bug disclosed earlier this week, an insecure local web server installed by Zoom software also left Mac computers vulnerable to a critical Remote Code Execution (RCE) flaw
Read ➤ https://thehackernews.com/2019/07/zoom-video-conferencing-hacking.html
—by @unix_root
😱 This vulnerability could have allowed hackers to hack any Instagram account within 10 minutes—no user interaction required.
https://thehackernews.com/2019/07/hack-instagram-accounts.html
Facebook rewarded researcher with $30,000 bug bounty for helping it find and fix this critical loophole.
Interesting Attack Scenario:
Researchers explain how iOS "URL Scheme" could allow app-in-the-middle attackers to steal secret login-tokens from your social accounts, trigger unauthorized payments, or perform other actions.
Learn More ➤ https://thehackernews.com/2019/07/ios-custom-url-scheme.html
Not just Zoom video conferencing software… its popular white-labelled rebranded versions — RingCentral and Zhumu — also install a hidden local web server on macOS systems and are also vulnerable to RCE and WebCam privacy flaws
https://thehackernews.com/2019/07/zoom-ringcentral-vulnerabilities.html
PoC Video Released
⚠️ Turn This OFF…
A default setting on WhatsApp messenger could allow malicious apps installed on your device to manipulate incoming media files, and spread fake news or scam you into sending payments to the wrong account.
Learn more ➤ https://thehackernews.com/2019/07/media-files-whatsapp-telegram.html
Dubbed “Media File Jacking,” the attack also works against Telegram for Android.
🔊 Spearphone
A New Side-Channel Attack Lets Android Apps Eavesdrop On Loudspeaker Data Using Accelerometer Motion Sensor—Without Requiring Any Device Permission.
Learn More ➤ https://thehackernews.com/2019/07/android-side-channel-attacks.html
😈 EvilGnome
Security researchers discovered a new Linux backdoor implant that spies on Linux desktop users and is currently undetected across all major antivirus security software products
https://thehackernews.com/2019/07/linux-gnome-spyware.html
Eastern European country Bulgaria has suffered the biggest data breach in its history, which compromised personal & financial information of 5 million taxpayers — 70% of Bulgaria's population — after a hacker stole 21GB of databases from the National Tax Agency
https://thehackernews.com/2019/07/bulgaria-nra-data-breach.html
Slack Resets Passwords For Lazy Users Who Hadn't Changed It Since 2015 Data Breach
Read More ➤ https://thehackernews.com/2019/07/slack-password-data-breach.html
Why after 4 years? Because the company recently became aware of a list containing valid username and password combinations for those Slack users.