The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
A new GRUB2 bootloader vulnerability (CVE-2020-10713) could let attackers bypass 'Secure Boot' & gain high-privileged persistent access to the targeted systems.

https://thehackernews.com/2020/07/grub2-bootloader-vulnerability.html

BILLIONS of devices running any Linux distribution, as well as Windows PCs, are affected.
A new security flaw in the popular Zoom video conference service could have let snoopers crack private meeting passwords in a few minutes, re-enabling zoom-bombing attacks.

Read details ➤ https://thehackernews.com/2020/07/zoom-meeting-password-hacking.html
Researchers reveal "Timeless Timing Attacks," a new technique that leverages the HTTP/2 protocol for effective remote timing side-channel attacks to leak sensitive information—attacks that are otherwise, in most cases, practically infeasible because of the network congestion between the adversary and target server.

Learn more: https://thehackernews.com/2020/07/http2-timing-side-channel-attacks.html
In its first-ever sanctions against cyberattacks, the European Union imposes restrictive measures against hackers from China, Russia and North Korea—who are also wanted by the FBI—and companies involved in various attacks.

Read: https://thehackernews.com/2020/07/sanctions-against-wanted-hackers.html
— BREAKING —

A 17-year-old 'Mastermind' and two other suspected hackers, aged 19 and 22, behind the biggest Twitter hack have been arrested.

Details: https://thehackernews.com/2020/07/twitter-hacker-arrested.html

On July 15, several high-profile accounts were hijacked as part of a massive bitcoin scam.
U.S. intelligence agencies are warning of a new variant of the 12-year-old 'Taidoor' computer virus that Chinese state-sponsored hackers are using to target governments, corporations, and think tanks worldwide.

Read details: https://thehackernews.com/2020/08/chinese-hacking-malware.html
A researcher demonstrated a high-severity flaw in a new feature of Apple Touch ID that could have let network attackers hijack your iCloud accounts.

Read details: https://thehackernews.com/2020/08/apple-touchid-sign-in.html
NEW — A SafeBreach researcher identified 4 new variants of the 'HTTP Request Smuggling' attack and demonstrated them against various commercial off-the-shelf web servers and HTTP proxy servers.

Read details: https://thehackernews.com/2020/08/http-request-smuggling.html
Researchers find several new attacks that exploit the true underlying root issue behind micro-architectural flaws that impacts not just the most recent Intel CPUs, but also modern processors from ARM, IBM, and AMD—previously believed to be unaffected.

https://thehackernews.com/2020/08/foreshadow-processor-vulnerability.html
Magecart hackers were found executing credit card skimming attacks against several websites, leveraging homoglyph domains and infected copycat favicon icons for evasive phishing attacks.

Read details: https://thehackernews.com/2020/08/magecart-homograph-phishing.html
Capital One—the 5th largest U.S. credit card company—has been fined $80 million for the 2019 data breach that compromised the personal information of 106 million credit card holders due to its careless network security practices.

https://thehackernews.com/2020/08/capital-one-data-breach.html
Starting with Metasploit 6, which is currently under active development, all meterpreters will use AES to end-to-end encrypt their communications.

https://blog.rapid7.com/2020/08/06/metasploit-6-now-under-active-development/

Metasploit version 6.x with initial features is available on GitHub under the development branch.
Heads Up! Adobe on Tuesday, August 11, will release important security patch updates for Adobe Acrobat and Reader affecting Windows and macOS users.
DEF CON 28: A cybersecurity researcher demonstrated several vulnerabilities affecting the Zoom video conferencing app for Linux, its production and development infrastructure, and the implementation of end-to-end encryption.

Read details: https://thehackernews.com/2020/08/zoom-software-vulnerabilities.html
Warning: If you're using TeamViewer, make sure it's updated to the latest version.

TeamViewer recently patched a new vulnerability that could let remote attackers steal your system login credentials and compromise it—just by convincing you to visit a malicious web page once.

Read details: https://thehackernews.com/2020/08/teamviewer-password-hacking.html
🔥 Watch Out! A new critical vBulletin zero-day RCE vulnerability and its PoC exploits have been publicly disclosed, allowing attackers to bypass the patch for an old RCE bug (CVE-2019-16759) and remotely compromise sites.

Details — https://thehackernews.com/2020/08/vBulletin-vulnerability-exploit.html
A recently patched flaw in Chromium-based browsers—Chrome, Opera, or Edge for Windows, Mac, and Android—could let attackers bypass Content Security Policy (CSP) protection.

Details: https://thehackernews.com/2020/08/chrome-csp-bypass.html

Keep your web-browser software up-to-date.
PATCH! UPDATE! ALERT!

Newly discovered critical vulnerabilities could let unauthenticated attackers compromise on-premise Citrix XenMobile servers, an enterprise mobility management solution that enables companies to manage their employees' devices from a centralized system.

https://thehackernews.com/2020/08/citrix-endpoint-management.html
Multiple flaws in the 'Find My Phone' feature installed on Samsung Android smartphones could have allowed malicious app operators to:

track victims' real-time location,
monitor phone calls & messages,
wipe data stored on the device.

Read details: https://thehackernews.com/2020/08/samsung-find-my-phone-hacking.html
Hey Alexa, don't try to be too smart!

Just opening a link could've allowed hackers to install new malicious SKILLS on your Amazon Alexa smart assistant devices and spy on your activities remotely—thanks to newly discovered flaws.

Details: https://thehackernews.com/2020/08/amazon-alexa-hacking-skills.html