A new security flaw (CVE-2020-6007) in Philips Smart Light Bulbs 💡 could let remote attackers gain access to your entire WiFi network (over-the-air without cracking password) & launch further attacks against other devices connected to the same.

Details: https://thehackernews.com/2020/02/philips-smart-light-bulb-hacking.html

Interesting! Researchers demonstrated a new clever technique to covertly exfiltrate sensitive data from a targeted Air-Gapped computer using the brightness of an LCD screen.

Read details: https://thehackernews.com/2020/02/hacking-air-gapped-computers.html

5 new high-impact vulnerabilities in Cisco discovery protocol expose tens of millions of enterprise-grade routers, switches, IP phones and cameras to hackers.

Details: https://thehackernews.com/2020/02/cisco-cdp-vulnerabilities.html

Collectively dubbed ‘CDPwn,’ 4 out of 5 issues lead to Remote Code Execution attacks.

BREAKING: U.S. Department of Justice today announced charges against 4 Chinese military hackers who were allegedly involved in hacking into the Equifax credit reporting agency and stealing personal & financial data of nearly 150 million Americans.

Read: https://thehackernews.com/2020/02/equifax-chinese-military-hackers.html

A security loophole on the website of a voting management app used by the ruling party in Israel leaked personal data of all 6.5 million Israeli voters―just 3 weeks before the country is going to have a legislative election.

Read more: https://thehackernews.com/2020/02/Israeli-voter-data-leaked.html

Here comes the 2nd 'Patch Tuesday' of the year.

Adobe releases security patches for dozens of new critical flaws affecting:

➡ Adobe Framemaker
➡ Acrobat and Reader
➡ Flash Player
➡ Digital Edition
➡ Experience Manager

Read more: https://thehackernews.com/2020/02/adobe-software-update.html
#cybersecurity

⭐ Microsoft Patch Tuesday — February 2020 Edition

➡ 99 new flaws,
➡ 5 were disclosed publicly,
➡ 1 is under active attack,
➡ 2 affect remote desktop client,
➡ 1 lets bypass secure boot,
➡ 1 RCE via LNK shortcuts,
➡ and more...

Read: https://thehackernews.com/2020/02/microsoft-windows-updates.html

Watch Out!

500+ Chrome browser extensions caught stealing private data of over 1.7 million users

Read details ➤ https://thehackernews.com/2020/02/chrome-extension-malware.html

#Google has now removed them from its official Web Store, but if you still have any of them installed, remove immediately.

A dozen new security flaws — collectively named 'SweynTooth' — affect millions of Bluetooth LE-powered devices.

Read: https://thehackernews.com/2020/02/hacking-bluetooth-vulnerabilities.html

Affected products also include devices used in logistics & healthcare industry, malfunctioning of which can lead to hazardous events.

OpenSSH 8.2 released :

➡️ now supports FIDO U2F security keys for strong 2-factor authentication,

➡️ deprecated SSH-RSA public key signature algorithm.

Read details: https://thehackernews.com/2020/02/openssh-fido-security-keys.html

A critical vulnerability in ThemeGrill WordPress plugin—with over 200,000 active installations—could let unauthenticated attackers wipe the entire database of targeted sites and gain administrative access.

This WordPress plugin flaw remained undetected for the last 3 years, through ThemeGrill Demo Importer version 1.3.4 to 1.6.1.

A new fixed version has now been released, update the plugin and patch your sites ASAP!

Details: https://thehackernews.com/2020/02/themegrill-wordpress-plugin.html

Iranian hackers are exploiting unpatched 1-day enterprise VPN vulnerabilities to compromise network of organizations worldwide and implant backdoors for cyber espionage.

➡️ Pulse Secure Connect: CVE-2019-11510
➡️ Palo Alto Networks: CVE-2019-1579
➡️ Fortinet FortiOS: CVE-2018-13379
➡️ Citrix: CVE-2019-19781

Read: https://thehackernews.com/2020/02/iranian-hackers-vpn-vulnerabilities.html

The U.S. Department of Homeland Security's CISA issues a warning to all industries operating critical infrastructures of a new ransomware threat after hackers targeted a Gas pipeline facility and knocked it out of operation for almost 2 days.

https://thehackernews.com/2020/02/critical-infrastructure-ransomware-attack.html

Amazon's Ring makes two-factor authentication security mandatory for all of its users following several recent reports of hackers gaining access to people's internet-connected #Ring doorbell and security cameras.

Read more: https://thehackernews.com/2020/02/ring-cameras-cybersecurity.html

Adobe today released security updates for Adobe After Effects (CVE-2020-3765) and Media Encoder (CVE-2020-3764) applications to patch 2 new critical code execution vulnerabilities.

Details: https://thehackernews.com/2020/02/adobe-software-updates.html

⚠️ Scam Alert ⚠️

You've Been Selected for 'Like of the Year 2020' Contest Cash Prizes !!!

That's an ongoing fraud scheme—yes, LIKE of the year—lures users with promises of financial rewards to steal their payment card information.

Details: https://thehackernews.com/2020/02/like-of-the-year-scam.html

Android's never-ending battle with malware...

Google has banned nearly 600 Android apps from the official Play Store for bombarding millions of users with disruptive ads and violating its advertising guidelines.

Read more: https://thehackernews.com/2020/02/android-adware-apps-banned.html

Microsoft releases a public preview of its Defender ATP Antivirus for Linux operating system —— And it's coming soon for Android and iOS later this year.

Read details ➤ https://thehackernews.com/2020/02/windows-defender-atp-linux-android.html

🔥 CVE-2020-8794

Yet another critical RCE vulnerability disclosed in OpenSMTPD email servers running on #OpenBSD or Linux systems.

Read: https://thehackernews.com/2020/02/opensmtpd-email-vulnerability.html

The 5-year-old bug could let attackers takeover vulnerable remote servers by sending specially crafted emails.

Important — Install latest Chrome browser update (80.0.3987.122) to patch 3 new high-severity vulnerabilities, one of which hackers are actively exploiting in the wild to hijack computers.

Read more: https://thehackernews.com/2020/02/google-chrome-zero-day.html