Yet Another Sudo Vulnerability!
When 'pwfeedback' is enabled, a new Sudo bug could let low privileged Linux & macOS users (or malicious programs) execute arbitrary commands with 'root' privileges.
Details for CVE-2019-18634 ➤ https://thehackernews.com/2020/02/sudo-linux-vulnerability.html
  Twitter warns hackers exploited an API bug on its platform to inappropriately match and learn linked phone numbers of millions of users.
https://thehackernews.com/2020/02/find-twitter-phone-number.html
Based on IP addresses engaged in the attack, Twitter believes some of them may have ties to state-sponsored actors.
A 'technical error' in Google Takeout service accidentally shared private videos (uploaded to Google Photos) of some users with other accounts.
https://thehackernews.com/2020/02/google-photos-videos.html
Google admitted the latest privacy mishap yesterday in a security alert sent quietly to affected users.
🔥 CVE-2019-18426
WhatsApp for Web and Desktop contained multiple vulnerabilities, which, when combined together, could have even allowed remote attackers to read files from a victim's local file-system just by sending messages.
 
Read details: https://thehackernews.com/2020/02/hack-whatsapp-web.html
A new security flaw (CVE-2020-6007) in Philips Smart Light Bulbs 💡 could let remote attackers gain access to your entire WiFi network (over-the-air without cracking password) & launch further attacks against other devices connected to the same network.
Details: https://thehackernews.com/2020/02/philips-smart-light-bulb-hacking.html
  
  Flaw in Philips Smart Light Bulbs Exposes Your WiFi Network to Hackers
  A new Zigbee vulnerability in Philips Hue Smart Light Bulbs could expose your other devices connected to the same WiFi network to the risk of hacking.
  Interesting! Researchers demonstrated a new clever technique to covertly exfiltrate sensitive data from a targeted Air-Gapped computer using the brightness of an LCD screen.
Read details: https://thehackernews.com/2020/02/hacking-air-gapped-computers.html
5 new high-impact vulnerabilities in Cisco discovery protocol expose tens of millions of enterprise-grade routers, switches, IP phones and cameras to hackers.
Details: https://thehackernews.com/2020/02/cisco-cdp-vulnerabilities.html
Collectively dubbed ‘CDPwn,’ 4 out of 5 issues lead to Remote Code Execution attacks.
BREAKING: U.S. Department of Justice today announced charges against 4 Chinese military hackers who were allegedly involved in hacking into the Equifax credit reporting agency and stealing personal & financial data of nearly 150 million Americans.
Read: https://thehackernews.com/2020/02/equifax-chinese-military-hackers.html
A security loophole on the website of a voting management app used by the ruling party in Israel leaked personal data of all 6.5 million Israeli voters―just 3 weeks before the country is going to have a legislative election.
Read more: https://thehackernews.com/2020/02/Israeli-voter-data-leaked.html
Here comes the 2nd 'Patch Tuesday' of the year.
Adobe releases security patches for dozens of new critical flaws affecting:
➡ Adobe Framemaker
➡ Acrobat and Reader
➡ Flash Player
➡ Digital Edition
➡ Experience Manager
Read more: https://thehackernews.com/2020/02/adobe-software-update.html
#cybersecurity
⭐ Microsoft Patch Tuesday — February 2020 Edition
 
➡ 99 new flaws,
➡ 5 were disclosed publicly,
➡ 1 is under active attack,
➡ 2 affect remote desktop client,
➡ 1 lets bypass secure boot,
➡ 1 RCE via LNK shortcuts,
➡ and more...
Read: https://thehackernews.com/2020/02/microsoft-windows-updates.html
Watch Out!
500+ Chrome browser extensions caught stealing private data of over 1.7 million users
Read details ➤ https://thehackernews.com/2020/02/chrome-extension-malware.html
#Google has now removed them from its official Web Store, but if you still have any of them installed, remove immediately.
  
  A dozen new security flaws — collectively named 'SweynTooth' — affect millions of Bluetooth LE-powered devices.
Read: https://thehackernews.com/2020/02/hacking-bluetooth-vulnerabilities.html
Affected products also include devices used in logistics & healthcare industry, malfunctioning of which can lead to hazardous events.
OpenSSH 8.2 released:
➡️ now supports FIDO U2F security keys for strong 2-factor authentication,
➡️ deprecated SSH-RSA public key signature algorithm.
Read details: https://thehackernews.com/2020/02/openssh-fido-security-keys.html
A critical vulnerability in ThemeGrill WordPress plugin—with over 200,000 active installations—could let unauthenticated attackers wipe the entire database of targeted sites and gain administrative access.
This WordPress plugin flaw remained undetected for the last 3 years, through ThemeGrill Demo Importer version 1.3.4 to 1.6.1.
A new fixed version has now been released; update the plugin and patch your sites ASAP!
Details: https://thehackernews.com/2020/02/themegrill-wordpress-plugin.html
Iranian hackers are exploiting unpatched 1-day enterprise VPN vulnerabilities to compromise the networks of organizations worldwide and implant backdoors for cyber espionage.
➡️ Pulse Secure Connect: CVE-2019-11510
➡️ Palo Alto Networks: CVE-2019-1579
➡️ Fortinet FortiOS: CVE-2018-13379
➡️ Citrix: CVE-2019-19781
Read: https://thehackernews.com/2020/02/iranian-hackers-vpn-vulnerabilities.html
The U.S. Department of Homeland Security's CISA issues a warning to all industries operating critical infrastructures of a new ransomware threat after hackers targeted a gas pipeline facility and knocked it out of operation for almost 2 days.
https://thehackernews.com/2020/02/critical-infrastructure-ransomware-attack.html
Amazon's Ring makes two-factor authentication security mandatory for all of its users following several recent reports of hackers gaining access to people's internet-connected #Ring doorbell and security cameras.
Read more: https://thehackernews.com/2020/02/ring-cameras-cybersecurity.html
Adobe today released security updates for Adobe After Effects (CVE-2020-3765) and Media Encoder (CVE-2020-3764) applications to patch 2 new critical code execution vulnerabilities.
Details: https://thehackernews.com/2020/02/adobe-software-updates.html
⚠️ Scam Alert ⚠️
You've Been Selected for 'Like of the Year 2020' Contest Cash Prizes !!!
That's an ongoing fraud scheme—yes, LIKE of the year—that lures users with promises of financial rewards to steal their payment card information.
Details: https://thehackernews.com/2020/02/like-of-the-year-scam.html