π± GhostCat ~ A new high risk 'file read/inclusion' vulnerability (CVE-2020-1938) affects all versions of the 'Apache Tomcat' (9.x/8.x/7.x/6.x) released in the past 13 years.
Read details: https://thehackernews.com/2020/02/ghostcat-new-high-risk-vulnerability.html
Web admins should patch it immediately, as several proof-of-concept (PoC) exploits have been posted online.
Read details: https://thehackernews.com/2020/02/ghostcat-new-high-risk-vulnerability.html
Web admins should patch it immediately, as several proof-of-concept (PoC) exploits have been posted online.
Weekly Roundup : In Case You Missed Any Important Story!
β€ Microsoft Antivirus for Linux
https://bit.ly/32AaKeu
β€ OpenSMTPD / OpenBSD Bug
https://bit.ly/2vpKffq
β€ Chrome 0-Day Attacks
https://bit.ly/2VEB7OG
β€ Firefox DoH by Default
https://bit.ly/2T8apN0
β€ Mobile 4G Network Bug
https://bit.ly/2vi2dRh
β€ Wi-Fi Encryption Bug
https://bit.ly/3ciRYg6
β€ Apache Tomcat Bug
https://bit.ly/2Tb4Hd8
β€ Microsoft Antivirus for Linux
https://bit.ly/32AaKeu
β€ OpenSMTPD / OpenBSD Bug
https://bit.ly/2vpKffq
β€ Chrome 0-Day Attacks
https://bit.ly/2VEB7OG
β€ Firefox DoH by Default
https://bit.ly/2T8apN0
β€ Mobile 4G Network Bug
https://bit.ly/2vi2dRh
β€ Wi-Fi Encryption Bug
https://bit.ly/3ciRYg6
β€ Apache Tomcat Bug
https://bit.ly/2Tb4Hd8
SurfingAttack β Hackers can use ultrasonic guided waves to send inaudible commands and hijack voice-activated phones (Android, #
iPhone) & smart assistants.
Details & Demos β€ https://thehackernews.com/2020/03/voice-assistants-ultrasonic-waves.html
It works over a longer distance and without the need to be in line-of-sight.
iPhone) & smart assistants.
Details & Demos β€ https://thehackernews.com/2020/03/voice-assistants-ultrasonic-waves.html
It works over a longer distance and without the need to be in line-of-sight.
U.S. has charged and sanctioned 2 Chinese nationals for helping North Korean hackers (Lazarus Group) launder nearly $100 million that was stolen as part of $250 million heists during the hacks of two separate cryptocurrency exchanges
https://thehackernews.com/2020/03/cryptocurrency-lazarus-hackers.html
https://thehackernews.com/2020/03/cryptocurrency-lazarus-hackers.html
Researchers claim the CIA hackers were behind an 11-year-long hacking and cyber-espionage campaign against several critical Chinese industries (aviation, petroleum, and more) and government agencies.
Read more: https://thehackernews.com/2020/03/china-cia-hackers.html
Read more: https://thehackernews.com/2020/03/china-cia-hackers.html
β οΈ Important Notice β οΈ
Let's Encrypt is going to revoke 3,048,289 TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software.
Affected website owners have until 8 PM UTC (3 PM EST) March 4 to manually renew and replace their TLS HTTPS certificates, failing which visitors to the websites will be greeted with TLS security warnings β as the certificates are revoked β until the renewal process is complete.
Read details: https://thehackernews.com/2020/03/lets-encrypt-certificate-revocation.html
Let's Encrypt is going to revoke 3,048,289 TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software.
Affected website owners have until 8 PM UTC (3 PM EST) March 4 to manually renew and replace their TLS HTTPS certificates, failing which visitors to the websites will be greeted with TLS security warnings β as the certificates are revoked β until the renewal process is complete.
Read details: https://thehackernews.com/2020/03/lets-encrypt-certificate-revocation.html
π° Project Sandcastle </>
π Not happy with your expensive iPhone?
π Don't worry, you can now run Android on an iPhone.
A new hack gives users freedom to run a different operating system on the iPhone hardware.
Details here β€ https://thehackernews.com/2020/03/install-android-on-iphone.html
π Not happy with your expensive iPhone?
π Don't worry, you can now run Android on an iPhone.
A new hack gives users freedom to run a different operating system on the iPhone hardware.
Details here β€ https://thehackernews.com/2020/03/install-android-on-iphone.html
A massive unprotected, sensitive & real-time U.S. property and demographic database exposes over 200 million records to the Internet.
Read more: https://thehackernews.com/2020/03/us-property-records-database.html
At this moment, it's not known who, or which service, owns this database hosted on the Google Cloud server.
Read more: https://thehackernews.com/2020/03/us-property-records-database.html
At this moment, it's not known who, or which service, owns this database hosted on the Google Cloud server.
Telecom giant T-Mobile recently suffered yet another data breach.
Hackers compromise some of its employees' email accounts and unauthorizedly access information contained in their inboxes, including details of customers and other employees.
https://thehackernews.com/2020/03/hackers-compromise-t-mobile-employees.html
Hackers compromise some of its employees' email accounts and unauthorizedly access information contained in their inboxes, including details of customers and other employees.
https://thehackernews.com/2020/03/hackers-compromise-t-mobile-employees.html
Telecom provider Virgin Media recently suffered a data leak incident exposing personal details of roughly 900,000 customers.
Details β β https://thehackernews.com/2020/03/virgin-media-data-breach.html
Details β β https://thehackernews.com/2020/03/virgin-media-data-breach.html
A critical unpatchable "Root of Trust'" CSME flaw (CVE-2019-0090) affects all Intel CPUs released in the last 5 years.
https://thehackernews.com/2020/03/intel-csme-vulnerability.html
It could let hackers compromise cryptographic operations for hardware-enabled security technologies, including DRM, fTPM, and IPT.
https://thehackernews.com/2020/03/intel-csme-vulnerability.html
It could let hackers compromise cryptographic operations for hardware-enabled security technologies, including DRM, fTPM, and IPT.
π» AMD processors manufactured between 2011 and 2019 have been found vulnerable to 2 new side-channel attacks that could let attackers exploit cache-related feature to steal sensitive data.
β‘οΈ Collide+Probe
β‘οΈ Load+Reload
Details here:
https://thehackernews.com/2020/03/amd-processors-vulnerability.html
β‘οΈ Collide+Probe
β‘οΈ Load+Reload
Details here:
https://thehackernews.com/2020/03/amd-processors-vulnerability.html
A judge on Monday declared a mistrial in the case against an ex-CIA employee (Joshua Schulte) who was charged for stealing classified hacking tools (βVault 7β) from the agency and leaking it to WikiLeaks.
Read: https://thehackernews.com/2020/03/cia-joshua-schulte-hacking.html
Read: https://thehackernews.com/2020/03/cia-joshua-schulte-hacking.html
LVI Attacks π₯ CVE-2020-0551
A new hardware vulnerability affecting modern Intel CPUs puts virtual workloads and data centers at risk of hacking.
Read details: https://thehackernews.com/2020/03/intel-load-value-injection.html
It involves reversely exploiting Meltdown and MDS-type flaws to bypass existing defenses.
A new hardware vulnerability affecting modern Intel CPUs puts virtual workloads and data centers at risk of hacking.
Read details: https://thehackernews.com/2020/03/intel-load-value-injection.html
It involves reversely exploiting Meltdown and MDS-type flaws to bypass existing defenses.
In a large-scale coordinated operation, Microsoft successfully disrupted Necurs, one of the largest email-spam botnet malware networks that infected over 9 million computers worldwide.
https://thehackernews.com/2020/03/necurs-botnet-takedown.html
After cracking Necursβs domain generation algorithm, researchers predicted over 6 million web domains that the malware was supposed to use in the next 25 months; but Microsoft and related authorities hijacked them in advance to seize the malware operation.
https://thehackernews.com/2020/03/necurs-botnet-takedown.html
After cracking Necursβs domain generation algorithm, researchers predicted over 6 million web domains that the malware was supposed to use in the next 25 months; but Microsoft and related authorities hijacked them in advance to seize the malware operation.
Turns out mitigation against RowHammer attacks added to the latest DDR4 and LPDDR4 DRAM chips are still insufficient, allowing attackers to re-enable the critical bit-flipping vulnerability.
https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html
Bonus: Researchers have also released 'TRRespass,' an open source RowHammer fuzzing tool that can identify sophisticated hammering patterns to mount real-world attacks.
https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html
Bonus: Researchers have also released 'TRRespass,' an open source RowHammer fuzzing tool that can identify sophisticated hammering patterns to mount real-world attacks.
Beware of 'Coronavirus Maps' !!!
Are you tracking the outbreak or leading hackers directly into your computers?
Cybercriminals exploiting users' increased interest in learning about coronavirus to spread password-stealing malware to millions.
https://thehackernews.com/2020/03/coronavirus-maps-covid-19.html
Are you tracking the outbreak or leading hackers directly into your computers?
Cybercriminals exploiting users' increased interest in learning about coronavirus to spread password-stealing malware to millions.
https://thehackernews.com/2020/03/coronavirus-maps-covid-19.html
CVE-2020-0796
Microsoft warning billions of users of a new UNPATCHED "wormable" RCE flaw in SMBv3 protocolβafter its existence accidentally got leaked.
Read: https://thehackernews.com/2020/03/smbv3-wormable-vulnerability.html
Disable SMB compression & block SMB (port 137, 139, 445) inbound/outbound to avoid attacks.
Microsoft warning billions of users of a new UNPATCHED "wormable" RCE flaw in SMBv3 protocolβafter its existence accidentally got leaked.
Read: https://thehackernews.com/2020/03/smbv3-wormable-vulnerability.html
Disable SMB compression & block SMB (port 137, 139, 445) inbound/outbound to avoid attacks.
β‘ March 2020 Patch Tuesday Edition:
Microsoft releases latest security updates for various versions of Windows OS & related software to patch a total of 115 new vulnerabilities.
β26 Critical
β88 Important
β1 Moderate
Read: https://thehackernews.com/2020/03/microsoft-patch-tuesday-march-2020.html
Microsoft releases latest security updates for various versions of Windows OS & related software to patch a total of 115 new vulnerabilities.
β26 Critical
β88 Important
β1 Moderate
Read: https://thehackernews.com/2020/03/microsoft-patch-tuesday-march-2020.html
β‘ URGENT
Just-In: Microsoft has finally released an update to fix a recently disclosed dangerous wormable RCE vulnerability in SMBv3 protocol β PATCH it ASAP!
https://thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html
This flaw could let hackers launch self-propagating malware attacks.
Just-In: Microsoft has finally released an update to fix a recently disclosed dangerous wormable RCE vulnerability in SMBv3 protocol β PATCH it ASAP!
https://thehackernews.com/2020/03/patch-wormable-smb-vulnerability.html
This flaw could let hackers launch self-propagating malware attacks.