Here comes the 2nd 'Patch Tuesday' of the year.
Adobe releases security patches for dozens of new critical flaws affecting:
➡ Adobe Framemaker
➡ Acrobat and Reader
➡ Flash Player
➡ Digital Editions
➡ Experience Manager
Read more: https://thehackernews.com/2020/02/adobe-software-update.html
#cybersecurity
⭐ Microsoft Patch Tuesday — February 2020 Edition
➡ 99 new flaws,
➡ 5 were disclosed publicly,
➡ 1 is under active attack,
➡ 2 affect remote desktop client,
➡ 1 allows a Secure Boot bypass,
➡ 1 RCE via LNK shortcuts,
➡ and more...
Read: https://thehackernews.com/2020/02/microsoft-windows-updates.html
Watch Out!
500+ Chrome browser extensions caught stealing private data of over 1.7 million users
Read details ➤ https://thehackernews.com/2020/02/chrome-extension-malware.html
#Google has now removed them from its official Web Store, but if you still have any of them installed, remove them immediately.
A dozen new security flaws — collectively named 'SweynTooth' — affect millions of Bluetooth LE-powered devices.
Read: https://thehackernews.com/2020/02/hacking-bluetooth-vulnerabilities.html
Affected products also include devices used in the logistics and healthcare industries, where a malfunction can lead to hazardous events.
OpenSSH 8.2 released:
➡️ now supports FIDO U2F security keys for strong 2-factor authentication,
➡️ deprecated SSH-RSA public key signature algorithm.
Read details: https://thehackernews.com/2020/02/openssh-fido-security-keys.html
A critical vulnerability in ThemeGrill WordPress plugin—with over 200,000 active installations—could let unauthenticated attackers wipe the entire database of targeted sites and gain administrative access.
This WordPress plugin flaw remained undetected for the last 3 years, through ThemeGrill Demo Importer version 1.3.4 to 1.6.1.
A new fixed version has now been released; update the plugin and patch your sites ASAP!
Details: https://thehackernews.com/2020/02/themegrill-wordpress-plugin.html
Iranian hackers are exploiting unpatched 1-day enterprise VPN vulnerabilities to compromise the networks of organizations worldwide and implant backdoors for cyber espionage.
➡️ Pulse Secure Connect: CVE-2019-11510
➡️ Palo Alto Networks: CVE-2019-1579
➡️ Fortinet FortiOS: CVE-2018-13379
➡️ Citrix: CVE-2019-19781
Read: https://thehackernews.com/2020/02/iranian-hackers-vpn-vulnerabilities.html
The U.S. Department of Homeland Security's CISA has issued a warning to all industries operating critical infrastructure about a new ransomware threat, after hackers targeted a gas pipeline facility and knocked it out of operation for almost 2 days.
https://thehackernews.com/2020/02/critical-infrastructure-ransomware-attack.html
Amazon's Ring makes two-factor authentication security mandatory for all of its users following several recent reports of hackers gaining access to people's internet-connected #Ring doorbell and security cameras.
Read more: https://thehackernews.com/2020/02/ring-cameras-cybersecurity.html
Adobe today released security updates for Adobe After Effects (CVE-2020-3765) and Media Encoder (CVE-2020-3764) applications to patch 2 new critical code execution vulnerabilities.
Details: https://thehackernews.com/2020/02/adobe-software-updates.html
⚠️ Scam Alert ⚠️
You've Been Selected for 'Like of the Year 2020' Contest Cash Prizes !!!
That's an ongoing fraud scheme—yes, LIKE of the year—that lures users with promises of financial rewards to steal their payment card information.
Details: https://thehackernews.com/2020/02/like-of-the-year-scam.html
Android's never-ending battle with malware...
Google has banned nearly 600 Android apps from the official Play Store for bombarding millions of users with disruptive ads and violating its advertising guidelines.
Read more: https://thehackernews.com/2020/02/android-adware-apps-banned.html
Microsoft releases a public preview of its Defender ATP antivirus for the Linux operating system, and it's coming to Android and iOS later this year.
Read details ➤ https://thehackernews.com/2020/02/windows-defender-atp-linux-android.html
🔥 CVE-2020-8794
Yet another critical RCE vulnerability disclosed in OpenSMTPD email servers running on #OpenBSD or Linux systems.
Read: https://thehackernews.com/2020/02/opensmtpd-email-vulnerability.html
The 5-year-old bug could let attackers take over vulnerable remote servers by sending specially crafted emails.
Important — Install latest Chrome browser update (80.0.3987.122) to patch 3 new high-severity vulnerabilities, one of which hackers are actively exploiting in the wild to hijack computers.
Read more: https://thehackernews.com/2020/02/google-chrome-zero-day.html
If you use Firefox, here's an important update that you need to be aware of.
Firefox is enabling the "DNS-over-HTTPS" feature for all users in the U.S. (and soon for the rest of the world) — by default with Cloudflare's DoH service.
Details ➤ https://thehackernews.com/2020/02/firefox-dns-over-https.html
⭐ Google recommends that Android developers encrypt app data on users' devices, especially when they use external storage that's prone to hijacking, man-in-the-disk, & other side-channel attacks.
Considering that there are not many reference frameworks available for this, Google also offered an open-source crypto library—called JetSec—that lets developers easily read and write encrypted files by following best security practices.
Read details ➤ https://thehackernews.com/2020/02/android-app-data-encryption.html
Researchers uncover a new 📡 LTE network security vulnerability that could let attackers impersonate Android and iOS users on 📶 4G networks.
Dubbed 'IMP4GT,' this new LTE attack could let remote attackers forge any traffic to the Internet with an identity (IP address) associated with the victims.
Read details ➤ https://thehackernews.com/2020/02/lte-network-4g-vulnerability.html
🔥 Kr00k Attack </>
New Wi-Fi chip-based #encryption flaw affects over a billion devices—including phones, laptops, routers, IoTs—and could let hackers decrypt packets transmitted by vulnerable devices without knowing the Wi-Fi password or connecting to the network.
https://thehackernews.com/2020/02/kr00k-wifi-encryption-flaw.html
Kr00k Attack (CVE-2019-15126): Billions of devices, including smartphones, tablets, laptops, routers, and IoT gadgets, have been found vulnerable to a new Wi-Fi vulnerability.
⭐ Milestone! Let's Encrypt has issued a BILLION free SSL certificates since its launch in 2015
Read here ➤ https://thehackernews.com/2020/02/lets-encrypt-ssl-certificate.html
Meanwhile, Apple also takes a significant step forward by limiting the maximum lifetime for TLS certs on its devices & Safari browser to 398 days