Critical Flaws in Qualcomm Chipsets Expose Millions of Android Devices to Over-the-Air Hacking

https://thehackernews.com/2019/08/android-qualcomm-vulnerability.html

U.S. has charged a Pakistani man who bribed AT&T employees to plant malware on the company's network, and illegally, unauthorisedly unlocked over 2 million phones.

Read ➤ https://thehackernews.com/2019/08/sim-device-unlocking-malware.html

💻 SWAPGS Attack [CVE-2019-1125]

A new Spectre (v1) like side-channel vulnerability affects all modern #Intel CPUs that leverage speculative execution.

https://thehackernews.com/2019/08/swapgs-speculative-execution.html

According to Microsoft & Red Hat advisories, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, including passwords, tokens and encryption keys, that would otherwise be inaccessible.

⚠️ Unpatched / 0-Day

A new flaw in KDE Plasma could allow maliciously crafted .desktop and .directory files to silently run arbitrary code on a targeted Linux desktop—without even requiring victim to actually open it.

https://thehackernews.com/2019/08/kde-desktop-linux-vulnerability.html

PoC videos & exploit code released

Someone is reportedly leaking KYC data of #Binance users online and blackmailing the #cryptocurrency exchange to pay 300 Bitcoins (~$3.5 million).



https://thehackernews.com/2019/08/binance-kyc-data-leak.html



Binance is investigating the incident & offering $290,000 bounty to provide identity of the blackmailer.

New high-risk flaws in over 40 hardware drivers (from at least 20 vendors) could let attackers gain most privileged permission on your Windows computer and install persistent backdoors.

Read: https://thehackernews.com/2019/08/windows-driver-vulnerability.html

Affected vendors include ASUS, Toshiba, Intel, NVIDIA & Huawei

🔐 Your Precious Memories Can Get Locked!

Canon’s EOS-series 📷 DSLR and PowerShot cameras are vulnerable to multiple vulnerabilities that could allow hackers to compromise your camera and deploy ransomware remotely.

Read ➤ https://thehackernews.com/2019/08/dslr-camera-hacking.html

☝️Watch video demonstration

Forget Passwords! Here's a fastest way to “Verify It's You”

Chrome for Android users can now securely log-in to certain Google services using their FINGERPRINT👍or other device unlock methods, including pins, pattern or password

Learn more ➤ https://thehackernews.com/2019/08/android-local-user-verification.html

Epic Games Hit With Class-Action Lawsuit Over Hacked 'Fortnite' Accounts
.

https://thehackernews.com/2019/08/epic-games-fortnite-lawsuit.html

On the behalf of over 100 affected users, #lawsuit accuses the company of failing to maintain adequate security measures and notify users of the #security breach in a timely manner.

Cerberus — A New Android “Banking Malware for Rent” Emerges Online

https://thehackernews.com/2019/08/cerberus-android-banking-trojan.html

🔥 Breaking: Google researcher discloses 20-year-old 'unpatched' vulnerabilities affecting all versions of Microsoft Windows—from XP to the latest Windows 10.

Details ➤ https://thehackernews.com/2019/08/ctfmon-windows-vulnerabilities.html

It could allow attackers to gain SYSTEM privileges on a targeted PC.

⚡HTTP/2 DoS Attacks

Various widely-used implementations of HTTP/2 protocol have been found vulnerable to multiple denial-of-Service (DoS) vulnerabilities, allowing attackers to easily knock websites running over vulnerable servers OFFLINE.

Details ➤ https://thehackernews.com/2019/08/http2-dos-vulnerability.html

🔥 CVE-2019-9506

A new Bluetooth 'Encryption Key Negotiation' vulnerability lets attackers hijack and spy on encrypted connections.

Read: https://thehackernews.com/2019/08/bluetooth-knob-vulnerability.html

The flaw affects a wide-range of Bluetooth-enabled devices including smartphones, laptops, IoTs, and industrial devices.

A privacy flaw in Kaspersky antivirus products by-default exposed its users to cross-site online tracking—even in incognito mode.

https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html

The 4-year-old flaw, CVE-2019-8286, could have allowed online trackers to identify you without even using browser cookies.

This new smartphone app—called "Bluetana"—can quickly detect hidden Bluetooth-enabled #CreditCard skimmers at Gas Pumps and ATMs

https://thehackernews.com/2019/08/credit-card-skimmer-detector.html

Researchers bypass security patches for two severe vulnerabilities that "LibreOffice" attempted to patch in its software with earlier updates.

Read this ➤ https://thehackernews.com/2019/08/libreoffice-patch-update.html

Update LibreOffice (Windows, Linux and macOS) to version 6.2.6/6.3.0 to patch them again.

The European Central Bank (ECB) Shuts Down Its 'BIRD Portal' After Getting Hacked

https://thehackernews.com/2019/08/european-central-bank-hack.html

Watch Out, SysAdmins!

Someone planned an RCE backdoor in Webmin (versions 1.882 through 1.921)—a popular open source, web-based cPanel type utility for Linux/Unix servers—that remained hidden for over a year, allowing unauthenticated remote attackers to execute arbitrary commands with root privileges on affected servers

https://thehackernews.com/2019/08/webmin-vulnerability-hacking.html

⚡ Fully working jailbreak released for the latest iOS 12.4 — thanks to Apple who "accidentally unpatches" an old vulnerability (CVE-2019-8605) that it patched previously in iOS 12.3.

Details ➤ https://thehackernews.com/2019/08/ios-iphone-jailbreak.html

It works on updated iPhone, iPad and iPod touch devices.

👨‍🔧 Off-Facebook Activity

Facebook releases a new privacy tool that lets its users view & simply dissociate their Facebook identity from the data 3rd-party websites & apps share with the company through online tracking tools.

Read details ➤ https://thehackernews.com/2019/08/clear-off-facebook-activity.html