New: Yet another incredibly frustrating WhatsApp crash 💥 bug could have let anyone crash-loop the app for all members of a group just by dropping a simple message.

Watch demo and read → https://thehackernews.com/2019/12/whatsapp-group-crash.html

Forcing all group members to re-install WhatsApp & loose chat history.

LifeLabs, the largest provider of healthcare laboratory testing services in Canada, suffered a massive data breach exposing personal & medical information of nearly 15 million customers.

https://thehackernews.com/2019/12/lifelabs-data-breach.html

Company said it paid ransom to recover stolen data from hackers.

👏 Bravo! Google today announced to offer upfront financial support for open-source projects, helping developers to arrange additional resources to prioritize cybersecurity of their software and services.

Read: https://thehackernews.com/2019/12/google-open-source-projects.html

Patch your Drupal websites.

Drupal updates released to patch 1 critical and 3 moderately critical vulnerabilities in the widely used CMS software.

Details: https://thehackernews.com/2019/12/drupal-website-hacking.html

➡️ Data Manipulation
➡️ Denial of Service
➡️ Security Restriction Bypass
➡️ Information Disclosure

* Warning *

If you used your credit or debit card to buy gas or snacks at any Wawa convenience store (over 700), anytime in the past 9 months, your payment card details may have been stolen by cybercriminals using PoS malware.

Read here: https://thehackernews.com/2019/12/wawa-store-hacking.html

🎉 Great news for hackers!

Apple finally opens its invite-only ‘Bug Bounty Program’ to all researchers with increased payouts up to $1.5 million, rewarding for responsibly reporting security vulnerabilities in the latest publicly available versions of iOS, macOS, watchOS, tvOS, iPadOS, and iCloud, and, where relevant, on the latest publicly available hardware.

https://thehackernews.com/2019/12/apple-bug-bounty-program.html

Read more: https://twitter.com/TheHackersNews/status/1208066145326026753

Members of GozNym cybercrime network—who used a banking malware to steal nearly $100 million from thousands of people—have been sentenced to prison.

Details: https://thehackernews.com/2019/12/goznym-malware-sentenced.html

This hacking group was dismantled by Europol earlier this year.

22-year-old hacker—member of the 'Turkish Crime Family' group who in 2017 threatened #Apple to wipe out 319 million #iCloud accounts and tried to blackmail the company for $100,000 ransom—pleaded guilty and sentenced in London with no jail time.
https://thehackernews.com/2019/12/hacker-who-tried-to-blackmail-apple-for.html

Popular restaurant chain Landry's suffered POS #malware attack on its systems at more than 600 bars, restaurants, hotels, casinos, and beverage outlets that allowed attackers to steal payment card information of *undisclosed* number of its customers.
https://thehackernews.com/2020/01/landry-pos-malware-attack.html

A privacy bug in Xiaomi smart cameras connected to Google's Nest Hub mistakenly streamed surveillance footage of random users with other users.

For now, Google has temporarily disabled Xiaomi devices' access to its Nest Hub and Assistant.

Read more: https://t.co/PQhMx6SCjv

3 Malicious apps distributed via Google Play Store were exploiting a critical Android rooting flaw (CVE-2019-2215) almost 6 months before it was discovered that Israeli surveillance firm NSO Group used the flaw as zero-day
.

Read: https://thehackernews.com/2020/01/android-zero-day-malware-apps.html

{ New } Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS

Details + demo ➤ https://thehackernews.com/2020/01/hack-tiktok-account.html

Combining multiple flaws could allow remote attackers to:

✅ Delete/Add any video,
✅ Make private hidden videos public,
✅ Steal personal info.

Attention! Hackers actively exploiting a new critical 0-day bug (CVE-2019-17026) in Firefox that could let remote attackers take complete control over your computers just by tricking you into visiting a malicious site.

Read ➤ https://thehackernews.com/2020/01/firefox-cyberattack.html

Update your browser now!

Watch Out, SysAdmins!

Weaponized PoC exploits for critical RCE vulnerability (CVE-2019-19781) in Citrix ADC and Gateway products have been released to the public.

https://t.co/CPyzL9SBAr

— Over 125,400 publicly accessible Citrix servers,
— No patch available, just mitigation. https://t.co/7vnISlqbWN

Adobe releases its first 2020 Patch Tuesday updates to fix a total of 9 new security vulnerabilities in Adobe Experience Manager and Adobe Illustrator—5 of which are critical.

Read details: https://thehackernews.com/2020/01/adobe-software-updates.html

Install patches at your earliest convenience.

WARNING: Install Latest Windows 10 Updates Immediately!

Microsoft today released patches for a severe Windows CryptoAPI spoofing vulnerability (CVE-2020-0601) that was discovered by the National Security Agency (NSA).

Read more: https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html

Advanced Phishing Protection:

You can now turn your iPhone or iPad into a physical two-factor authentication security key for securely logging into your Google accounts.

Learn how to activate it ➤ https://thehackernews.com/2020/01/google-iphone-security-key.html

It's available to #Android users since last year.

Microsoft issues an advisory warning Windows users of a new zero-day vulnerability in IE web browser that attackers are actively exploiting in the wild — and there's no patch yet available for it.

https://thehackernews.com/2020/01/internet-explorer-zero-day-attack.html

Mitigation & workarounds released — Disable JScript.dll