CacheOut (CVE-2020-0549)

Researchers find a new speculative execution vulnerability in Intel CPUs that could let attackers leak targeted sensitive data from OS kernel, co-resident virtual machines, and even from Intel's secured SGX enclave.

Details: https://t.co/Rfo61umGx6

Researchers demonstrate how unwelcome guests could have found unique Zoom Meeting IDs & remotely eavesdrop on unprotected private sessions.

https://t.co/KgwQgQttqJ

Zoom now by default 'password protect' all meetings, and offers additional controls to prevent enumeration attack.

🔥 CVE-2020-7247


A new critical vulnerability in the OpenSMTPD mail daemon could let remote attackers take complete control over vulnerable OpenBSD and Linux based e-mail servers by sending specially crafted SMTP messages.


Read: https://thehackernews.com/2020/01/openbsd-opensmtpd-hacking.html


Patch & PoC released.

Researcher discloses details of two recently patched potentially dangerous flaws in Microsoft Azure that could have let hackers target several businesses running web and mobile apps on the cloud servers.


Read: https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html

Yet Another Sudo Vulnerability!

When 'pwfeedback' is enabled, a new Sudo bug could let low privileged Linux & macOS users (or malicious programs) execute arbitrary commands with 'root' privileges.

Details for CVE-2019-18634 ➤ https://thehackernews.com/2020/02/sudo-linux-vulnerability.html

Twitter warns hackers exploited an API bug on its platform to inappropriately match and learn linked phone numbers of millions of users.

https://thehackernews.com/2020/02/find-twitter-phone-number.html

Based on IP addresses engaged in the attack, Twitter believes some of them may have ties to state-sponsored actors.

A 'technical error' in Google Takeout service accidentally shared private videos (uploaded to Google Photos) of some users with other accounts.

https://thehackernews.com/2020/02/google-photos-videos.html

Google admitted the latest privacy mishap yesterday in a security alert sent quietly to affected users.

🔥 CVE-2019-18426

WhatsApp for Web and Desktop contained multiple vulnerabilities, which, when combined together, could have even allowed remote attackers to read files from a victim's local file-system just by sending messages.

Read details: https://thehackernews.com/2020/02/hack-whatsapp-web.html

A new security flaw (CVE-2020-6007) in Philips Smart Light Bulbs 💡 could let remote attackers gain access to your entire WiFi network (over-the-air without cracking password) & launch further attacks against other devices connected to the same.

Details: https://thehackernews.com/2020/02/philips-smart-light-bulb-hacking.html

Interesting! Researchers demonstrated a new clever technique to covertly exfiltrate sensitive data from a targeted Air-Gapped computer using the brightness of an LCD screen.

Read details: https://thehackernews.com/2020/02/hacking-air-gapped-computers.html

5 new high-impact vulnerabilities in Cisco discovery protocol expose tens of millions of enterprise-grade routers, switches, IP phones and cameras to hackers.

Details: https://thehackernews.com/2020/02/cisco-cdp-vulnerabilities.html

Collectively dubbed ‘CDPwn,’ 4 out of 5 issues lead to Remote Code Execution attacks.

BREAKING: U.S. Department of Justice today announced charges against 4 Chinese military hackers who were allegedly involved in hacking into the Equifax credit reporting agency and stealing personal & financial data of nearly 150 million Americans.

Read: https://thehackernews.com/2020/02/equifax-chinese-military-hackers.html

A security loophole on the website of a voting management app used by the ruling party in Israel leaked personal data of all 6.5 million Israeli voters―just 3 weeks before the country is going to have a legislative election.

Read more: https://thehackernews.com/2020/02/Israeli-voter-data-leaked.html

Here comes the 2nd 'Patch Tuesday' of the year.

Adobe releases security patches for dozens of new critical flaws affecting:

➡ Adobe Framemaker
➡ Acrobat and Reader
➡ Flash Player
➡ Digital Edition
➡ Experience Manager

Read more: https://thehackernews.com/2020/02/adobe-software-update.html
#cybersecurity

⭐ Microsoft Patch Tuesday — February 2020 Edition

➡ 99 new flaws,
➡ 5 were disclosed publicly,
➡ 1 is under active attack,
➡ 2 affect remote desktop client,
➡ 1 lets bypass secure boot,
➡ 1 RCE via LNK shortcuts,
➡ and more...

Read: https://thehackernews.com/2020/02/microsoft-windows-updates.html

Watch Out!

500+ Chrome browser extensions caught stealing private data of over 1.7 million users

Read details ➤ https://thehackernews.com/2020/02/chrome-extension-malware.html

#Google has now removed them from its official Web Store, but if you still have any of them installed, remove immediately.

A dozen new security flaws — collectively named 'SweynTooth' — affect millions of Bluetooth LE-powered devices.

Read: https://thehackernews.com/2020/02/hacking-bluetooth-vulnerabilities.html

Affected products also include devices used in logistics & healthcare industry, malfunctioning of which can lead to hazardous events.

OpenSSH 8.2 released :

➡️ now supports FIDO U2F security keys for strong 2-factor authentication,

➡️ deprecated SSH-RSA public key signature algorithm.

Read details: https://thehackernews.com/2020/02/openssh-fido-security-keys.html

A critical vulnerability in ThemeGrill WordPress plugin—with over 200,000 active installations—could let unauthenticated attackers wipe the entire database of targeted sites and gain administrative access.

This WordPress plugin flaw remained undetected for the last 3 years, through ThemeGrill Demo Importer version 1.3.4 to 1.6.1.

A new fixed version has now been released, update the plugin and patch your sites ASAP!

Details: https://thehackernews.com/2020/02/themegrill-wordpress-plugin.html

Iranian hackers are exploiting unpatched 1-day enterprise VPN vulnerabilities to compromise network of organizations worldwide and implant backdoors for cyber espionage.

➡️ Pulse Secure Connect: CVE-2019-11510
➡️ Palo Alto Networks: CVE-2019-1579
➡️ Fortinet FortiOS: CVE-2018-13379
➡️ Citrix: CVE-2019-19781

Read: https://thehackernews.com/2020/02/iranian-hackers-vpn-vulnerabilities.html