Android's never-ending battle with malware...

Google has banned nearly 600 Android apps from the official Play Store for bombarding millions of users with disruptive ads and violating its advertising guidelines.

Read more: https://thehackernews.com/2020/02/android-adware-apps-banned.html

Microsoft releases a public preview of its Defender ATP Antivirus for Linux operating system —— And it's coming soon for Android and iOS later this year.

Read details ➤ https://thehackernews.com/2020/02/windows-defender-atp-linux-android.html

🔥 CVE-2020-8794

Yet another critical RCE vulnerability disclosed in OpenSMTPD email servers running on #OpenBSD or Linux systems.

Read: https://thehackernews.com/2020/02/opensmtpd-email-vulnerability.html

The 5-year-old bug could let attackers takeover vulnerable remote servers by sending specially crafted emails.

Important — Install latest Chrome browser update (80.0.3987.122) to patch 3 new high-severity vulnerabilities, one of which hackers are actively exploiting in the wild to hijack computers.

Read more: https://thehackernews.com/2020/02/google-chrome-zero-day.html

If you use Firefox, here's an important update that you need to be aware of.

Firefox is enabling "DNS-over-HTTPS" feature for all users in the U.S. (and soon for rest of the world) — by default with Cloudflare's DoH service.

Details ➤ https://thehackernews.com/2020/02/firefox-dns-over-https.html

⭐Google recommends Android developers to encrypt app data on the users' devices, especially when they use external storage that's prone to hijacking, man-in-the-disk, & other side-channel attacks.

Also, considering that there are not many reference frameworks available for the same, Google also offered an open-source crypto library—called JetSec—that lets developers easily read and write encrypted files by following best security practices.

Read details ➤ https://thehackernews.com/2020/02/android-app-data-encryption.html

Researchers uncover a new 📡 LTE network security vulnerability that could let attackers impersonate Android and iOS users on the 📶 4G networks.

Dubbed 'IMP4GT,' this new LTE attack could let remote attackers forge any traffic to the Internet with an identity (IP address) associated with the victims.

Read details ➤ https://thehackernews.com/2020/02/lte-network-4g-vulnerability.html

🔥 Kr00k Attack </>

New Wi-Fi chip-based #encryption flaw affects over a billion devices—including phones, laptops, routers, IoTs—that could let hackers decrypt packets transmitted by vulnerable devices without knowing WiFi password or connecting to it.

https://thehackernews.com/2020/02/kr00k-wifi-encryption-flaw.html

⭐ Milestone! Let's Encrypt has issued a BILLION free SSL certificates since its launch in 2015

Read here ➤ https://thehackernews.com/2020/02/lets-encrypt-ssl-certificate.html

Meanwhile, Apple also takes a significant step forward by limiting the maximum lifetime for TLS certs on its devices & Safari browser to 398 days

🐱 GhostCat ~ A new high risk 'file read/inclusion' vulnerability (CVE-2020-1938) affects all versions of the 'Apache Tomcat' (9.x/8.x/7.x/6.x) released in the past 13 years.

Read details: https://thehackernews.com/2020/02/ghostcat-new-high-risk-vulnerability.html

Web admins should patch it immediately, as several proof-of-concept (PoC) exploits have been posted online.

Weekly Roundup : In Case You Missed Any Important Story!

➤ Microsoft Antivirus for Linux
https://bit.ly/32AaKeu

➤ OpenSMTPD / OpenBSD Bug
https://bit.ly/2vpKffq

➤ Chrome 0-Day Attacks
https://bit.ly/2VEB7OG

➤ Firefox DoH by Default
https://bit.ly/2T8apN0

➤ Mobile 4G Network Bug
https://bit.ly/2vi2dRh

➤ Wi-Fi Encryption Bug
https://bit.ly/3ciRYg6

➤ Apache Tomcat Bug
https://bit.ly/2Tb4Hd8

SurfingAttack — Hackers can use ultrasonic guided waves to send inaudible commands and hijack voice-activated phones (Android, #
iPhone) & smart assistants.

Details & Demos ➤ https://thehackernews.com/2020/03/voice-assistants-ultrasonic-waves.html

It works over a longer distance and without the need to be in line-of-sight.

U.S. has charged and sanctioned 2 Chinese nationals for helping North Korean hackers (Lazarus Group) launder nearly $100 million that was stolen as part of $250 million heists during the hacks of two separate cryptocurrency exchanges

https://thehackernews.com/2020/03/cryptocurrency-lazarus-hackers.html

Researchers claim the CIA hackers were behind an 11-year-long hacking and cyber-espionage campaign against several critical Chinese industries (aviation, petroleum, and more) and government agencies.

Read more: https://thehackernews.com/2020/03/china-cia-hackers.html

⚠️ Important Notice ⚠️

Let's Encrypt is going to revoke 3,048,289 TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software.

Affected website owners have until 8 PM UTC (3 PM EST) March 4 to manually renew and replace their TLS HTTPS certificates, failing which visitors to the websites will be greeted with TLS security warnings — as the certificates are revoked — until the renewal process is complete.

Read details: https://thehackernews.com/2020/03/lets-encrypt-certificate-revocation.html

🏰 Project Sandcastle </>

😔 Not happy with your expensive iPhone?

😃 Don't worry, you can now run Android on an iPhone.

A new hack gives users freedom to run a different operating system on the iPhone hardware.

Details here ➤ https://thehackernews.com/2020/03/install-android-on-iphone.html

A massive unprotected, sensitive & real-time U.S. property and demographic database exposes over 200 million records to the Internet.

Read more: https://thehackernews.com/2020/03/us-property-records-database.html

At this moment, it's not known who, or which service, owns this database hosted on the Google Cloud server.

Telecom giant T-Mobile recently suffered yet another data breach.

Hackers compromise some of its employees' email accounts and unauthorizedly access information contained in their inboxes, including details of customers and other employees.

https://thehackernews.com/2020/03/hackers-compromise-t-mobile-employees.html

Telecom provider Virgin Media recently suffered a data leak incident exposing personal details of roughly 900,000 customers.

Details ⁠— https://thehackernews.com/2020/03/virgin-media-data-breach.html

A critical unpatchable "Root of Trust'" CSME flaw (CVE-2019-0090) affects all Intel CPUs released in the last 5 years.

https://thehackernews.com/2020/03/intel-csme-vulnerability.html

It could let hackers compromise cryptographic operations for hardware-enabled security technologies, including DRM, fTPM, and IPT.