The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
Severe RCE vulnerability (CVE-2019-12815) disclosed in the popular ProFTPD (FTP server) — affecting over 1 million servers

Read ➤ https://thehackernews.com/2019/07/linux-ftp-server-security.html
Ex-contractor at Siemens pleads guilty to planting a 'self-destructing logic bomb' in spreadsheets to earn extra income by offering support when the code goes off

https://thehackernews.com/2019/07/siemens-logic-bomb.html

He is currently facing 10 years in prison and/or up to $250,000 in fines.
Facebook has agreed to pay a $5 billion fine and accepted a 20-year-long "Privacy Program" agreement under FTC oversight—which includes some major structural changes to strengthen its #privacy practices and hold the company accountable.

https://thehackernews.com/2019/07/ftc-facebook-privacy-program.html

What do you think?
⚠️ Watch Out!

Google Play, PornHub, Signal, UC Browser, or Skype installed on your smartphones could be a ‘Russian’ spy tool.

A New Advanced Android Surveillance Malware Discovered in the Wild—Created by Russian Defense Contractor STC.

Read ➤ https://thehackernews.com/2019/07/russian-android-spying-apps.html
⚠️ WatchBog

Rapidly spreading multi-module Linux botnet now also scans for Windows computers and adds systems vulnerable to the BlueKeep RDP flaw to its future target list.

Read details ➤ https://thehackernews.com/2019/07/linux-malware-windows-bluekeep.html
☠️ Doppelgänging Attack

NEW—Several popular malware families, including FormBook, LokiBot, SmokeLoader and GandCrab, have been found using 7 distinct versions of "loaders" that exploit the fileless 'Process Doppelgänging' technique to evade detection.

Read ➤ https://thehackernews.com/2019/07/process-doppelganging-malware.html
Your Android Phone Can Get Hacked Just By Playing A Video (PoC Released)

Read more ➤ https://thehackernews.com/2019/07/android-media-framework-hack.html

A PoC for a critical RCE flaw in Android, which Google patched earlier this month, has been released on GitHub.

However, millions of Android devices haven’t yet received July Security Patches from their respective device manufacturers.
One of the Admins at “Silk Road” Dark Web Marketplace Sentenced to 78 Months in U.S. Prison On Drug Trafficking Charges

https://thehackernews.com/2019/07/silk-road-dark-web-admin.html
Ransomware Attack On Johannesburg’s Power Company Leaves Many Residents of the Biggest South African City in the Dark

https://thehackernews.com/2019/07/cyberattack-power-outage.html
Using #LibreOffice?

Update it!

LibreOffice 6.2.5 release patches two flaws (CVE-2019-9848, CVE-2019-9849) that may allow:

- execution of arbitrary Python commands silently without warning
- inclusion of remote arbitrary content within a document even when 'stealth mode' is enabled
⚠️ Beware, It’s Unpatched.

Just Opening A Document in #LibreOffice Can Hack Your Computer

Read ➤ https://thehackernews.com/2019/07/libreoffice-vulnerability.html

Researcher Discovers Bypass for Recently Patched Code Execution Flaw (CVE-2019-9848) in LibreOffice.
Breaking

WannaCry 'killer' Marcus Hutchins, a.k.a. MalwareTech, gets "no jail time" and one year of supervised release for creating & selling Kronos malware, the judge rules, describing his good work as "too many positives on the other side of ledger".

https://thehackernews.com/2019/07/marcus-hutchins-sentenced.html
Watch Out! FaceApp Unnecessarily Requests Access to Users' Facebook Friends List

https://thehackernews.com/2019/07/faceapp-facebook-privacy.html

FaceApp had a feature that required this data, which has now been discontinued, but apparently it still collects the Friends List when users choose to "Login with Facebook."
💥 URGENT/11

Critical Flaws Found in Widely-Used VxWorks OS for Embedded Systems That Powers Over 2 Billion Devices

https://thehackernews.com/2019/07/vxworks-rtos-vulnerability.html

Affected devices include enterprise, SCADA, industrial controllers, patient monitors, MRI machines, firewalls, printers & many more.
🤷🏻 Another week, another massive data breach

Capital One, the 5th largest U.S. credit card issuer, suffered a data breach exposing personal info of more than 100 million credit card applicants in the U.S. & 6 million in Canada.

Details ➤ https://thehackernews.com/2019/07/capital-one-data-breach.html
Google 'Project Zero' researchers disclose details and proof-of-concept (PoC) exploits for 4 remotely exploitable flaws that affect iOS devices and can be triggered just by sending a maliciously-crafted message over #iMessage.

Read 🡆 https://thehackernews.com/2019/07/apple-ios-vulnerabilities.html
⚠️ Patch Your eShops!

Critical security vulnerabilities discovered in 'OXID eShop' eCommerce software let remote hackers take full control over online shopping sites within seconds.

- Unauthenticated SQL Injection
- RCE

Details ➤ https://thehackernews.com/2019/07/oxid-eshop-ecommerce.html
DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks

https://thehackernews.com/2019/07/airplane-can-bus-hacking.html
👮 “False Claims Act”

Cisco ‘Knowingly’ Sold Hackable Video Surveillance Technology to Several U.S. Federal & State Government Agencies.

Read ➤ https://thehackernews.com/2019/08/cisco-surveillance-technology.html

To settle the lawsuit, Cisco has now agreed to pay $8.6 Million over failure to meet cybersecurity standards.
Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords

https://thehackernews.com/2019/08/hack-wpa3-wifi-password.html

CVE-2019-13377 ➤ Timing-based side-channel attack against the Dragonfly handshake when using Brainpool curves.

CVE-2019-13456 ➤ Information leak bug in FreeRADIUS' EAP-pwd implementation.