The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
Exclusive – Any MitronApp Account Can Be Hacked in Seconds.

Learn how ➀ https://thehackernews.com/2020/05/titok-mitron-app-hacking.html

The viral TikTok alternative, with over 5 million installations within just 1 month, contains an UNPATCHED auth bypass vulnerability.

It's also untrusted; don't use it.
πŸ‘1
💪 DABANGG, a fearless attack!

Indian IIT researchers demonstrate a new noise-resilient technique that makes Flush-based Cache attacks more effective against modern Intel and AMD processors.

Read details & watch demos — https://thehackernews.com/2020/05/noise-resilient-flush-attack.html
⚡ A highly critical vulnerability affecting Apple's 'Sign in with Apple' feature could have let attackers hack into anyone's account on third-party services or apps.

Read details here ➀ https://thehackernews.com/2020/05/sign-in-with-apple-hacking.html

Apple paid the researcher a whopping $100,000 bug bounty for this flaw.
Joomla Resources Directory (JRD) portal has suffered a data breach affecting thousands of accounts.

https://thehackernews.com/2020/06/joomla-data-breach.html

Affected web developers and service providers are advised to immediately change their passwords.
πŸ‘1
{NEW} Researchers disclose details + PoC for a critical vulnerability (CVE-2020-3956) in VMware's Cloud Director platform that could let attackers compromise private clouds within an entire infrastructure and access sensitive information.

https://thehackernews.com/2020/06/vmware-cloud-director-exploit.html
A set of 6 newly patched critical vulnerabilities uncovered in SAP's Sybase ASE database software could grant unprivileged attackers complete control over enterprise databases and the underlying systems.

Details — https://thehackernews.com/2020/06/newly-patched-sap-ase-flaws-could-let.html
IMPORTANT — Make sure you are running the latest version of the Zoom video conferencing app on your Windows, macOS or Linux computers.

Two recently patched critical flaws in Zoom could let attackers hack PCs remotely by sending messages via chat.

https://thehackernews.com/2020/06/zoom-video-software-hacking.html
Along with a new set of malware used by Chinese hackers targeting South Asian countries, researchers spotted a never-seen-before espionage tool—called USBCulprit—that aims to steal data from air-gapped computers.

https://thehackernews.com/2020/06/air-gap-malware-usbculprit.html
Any user account on the 'secure' Digilocker service (by the Indian Government) could have been accessed with an OTP / password due to a now-patched critical flaw, allowing attackers to steal sensitive documents stored on it.

Details: https://thehackernews.com/2020/06/aadhar-digilocker-hacked.html
πŸ‘1
(NEW) Magecart hackers implant (still there, unpatched and stealing) digital credit card skimming code on three emergency services-related content and forum websites via misconfigured Amazon S3 buckets.

Read more: https://thehackernews.com/2020/06/magecart-skimmer-amazon.html
SMBleed — A new security vulnerability (CVE-2020-1206) affects the Windows SMBv3 protocol.

Details + PoC: https://thehackernews.com/2020/06/SMBleed-smb-vulnerability.html

An unauthenticated attacker (client/server) can also combine it with the "wormable" SMBGhost flaw to achieve RCE attacks.
~ June 2020 Patch Tuesday ~

Microsoft today released security patches for a total of 129 newly discovered vulnerabilities affecting various versions of the Windows operating system and related software.

Find details here: https://thehackernews.com/2020/06/windows-update-june.html
The Citizen Lab today outed an Indian IT firm 'BellTroX InfoTech' that was hired by private investigators and commercial clients to hack (and spy on) politicians, investors, journalists, and human rights defenders worldwide.

https://thehackernews.com/2020/06/hacker-for-hire-belltrox-india.html
Modern Intel processors found vulnerable to 2 new, distinct SGX side-channel attacks — "CrossTalk" (CVE-2020-0543) and "SGAxe" — that could let attackers tamper with or steal sensitive data guarded within blocks of secured memory (TEE and SGX).

Read more: https://thehackernews.com/2020/06/intel-sgaxe-crosstalk-attacks.html
A Bug in Facebook Messenger App for Windows Could've Helped Malware Gain Persistence
https://thehackernews.com/2020/06/facebook-malware-persistence.html

Make Sure You're Running the Latest Updated Version of the Messenger.
The light is WATCHING you!!! (👁️💡👁️)

Experts demonstrate a new attack that could let nearby remote spies listen to full conversations happening in a room just by observing a LIGHT BULB hanging in there, visible from a window.

Read Details — https://thehackernews.com/2020/06/lamphone-light-bulb-spy.html
New high-impact vulnerabilities in the GTP Mobile Internet Protocol — used in 2G / 3G / 4G / 5G networks — could let remote attackers:

✅ intercept user data
✅ carry out impersonation
✅ perform fraud
✅ launch DoS attacks

Read details — https://thehackernews.com/2020/06/mobile-internet-hacking.html
If your business operations rely on Oracle's E-Business Suite, make sure you're running the latest available version of it.

Researchers warn of "BigDebIT" vulnerabilities (9.9 CVSS score) that they suspect many organizations haven't yet patched.

https://thehackernews.com/2020/06/oracle-e-business-suite.html
⚡ Ripple 20 — New vulnerabilities affect billions of Internet-connected devices, many of which are used across critical infrastructure.

Details: https://thehackernews.com/2020/06/new-critical-flaws-put-billions-of.html

The flaws could let remote attackers hijack affected devices &, subsequently, target other connected devices.
Hackers found targeting key employees at Aerospace and Military organizations by posing as HRs offering jobs via LinkedIn.

Read more about "Operation In(ter)ception" — https://thehackernews.com/2020/06/military-aerospace-hacking.html

Though the primary purpose of the attack was cyber espionage, in some cases, they even tried siphoning money through BEC scams.