The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: admin@thehackernews.com

🌐 Website: https://thehackernews.com
— BREAKING —

A 17-year-old 'mastermind' and two other suspected hackers, aged 19 and 22, behind the biggest Twitter hack have been arrested.

Details: https://thehackernews.com/2020/07/twitter-hacker-arrested.html

On July 15, several high-profile accounts were hijacked as part of a massive bitcoin scam.
U.S. intelligence agencies are warning of a new variant of the 12-year-old 'Taidoor' malware that Chinese state-sponsored hackers are using to target governments, corporations, and think tanks worldwide.

Read details: https://thehackernews.com/2020/08/chinese-hacking-malware.html
A researcher demonstrated a high-severity flaw in a new feature of Apple Touch ID that could have let network attackers hijack your iCloud account.

Read details: https://thehackernews.com/2020/08/apple-touchid-sign-in.html
NEW: A SafeBreach researcher identified 4 new variants of the 'HTTP Request Smuggling' attack and demonstrated them against various commercial off-the-shelf web servers and HTTP proxy servers.

Read details: https://thehackernews.com/2020/08/http-request-smuggling.html
Researchers have found several new attacks that exploit the true root cause of micro-architectural flaws, which affects not only the most recent Intel CPUs but also modern processors from ARM, IBM, and AMD that were previously believed to be unaffected.

https://thehackernews.com/2020/08/foreshadow-processor-vulnerability.html
Magecart hackers have been found executing credit card skimming attacks against several websites, leveraging homoglyph domains and infected copycat favicon files for evasive phishing attacks.

Read details: https://thehackernews.com/2020/08/magecart-homograph-phishing.html
Capital One, the 5th largest U.S. credit card company, has been fined $80 million for a 2019 data breach that compromised the personal information of 106 million credit card holders, owing to its careless network security practices.

https://thehackernews.com/2020/08/capital-one-data-breach.html
Starting with Metasploit 6, which is currently under active development, all meterpreters will use AES to end-to-end encrypt their communications.

https://blog.rapid7.com/2020/08/06/metasploit-6-now-under-active-development/

Metasploit version 6.x with initial features is available on GitHub under the development branch.
Heads Up! On Tuesday, August 11, Adobe will release important security patch updates for Adobe Acrobat and Reader affecting Windows and macOS users.
DEF CON 28: A cybersecurity researcher demonstrated several vulnerabilities affecting the Zoom video conferencing app for Linux, its production and development infrastructure, and its implementation of end-to-end encryption.

Read details: https://thehackernews.com/2020/08/zoom-software-vulnerabilities.html
Warning: If you're using TeamViewer, make sure it's updated to the latest version.

TeamViewer recently patched a new vulnerability that could let remote attackers steal your system login credentials and compromise the system just by convincing you to visit a malicious web page once.

Read details: https://thehackernews.com/2020/08/teamviewer-password-hacking.html
🔥 Watch Out! A new critical vBulletin zero-day RCE vulnerability and its PoC exploits have been publicly disclosed, allowing attackers to bypass the patch for an old RCE bug (CVE-2019-16759) and remotely compromise sites.

Details — https://thehackernews.com/2020/08/vBulletin-vulnerability-exploit.html
A recently patched flaw in Chromium-based browsers (Chrome, Opera, and Edge for Windows, Mac, and Android) could let attackers bypass Content Security Policy (CSP) protection.

Details: https://thehackernews.com/2020/08/chrome-csp-bypass.html

Keep your web browser software up to date.
PATCH! UPDATE! ALERT!

Newly discovered critical vulnerabilities could let unauthenticated attackers compromise on-premises Citrix XenMobile servers, an enterprise mobility management solution that enables companies to manage their employees' devices from a centralized system.

https://thehackernews.com/2020/08/citrix-endpoint-management.html
Multiple flaws in the 'Find My Phone' feature installed on Samsung Android smartphones could have allowed malicious app operators to:

track victims' real-time location,
monitor phone calls & messages,
wipe data stored on the device.

Read details: https://thehackernews.com/2020/08/samsung-find-my-phone-hacking.html
Hey Alexa, don't try to be too smart!

Just opening a link could have allowed hackers to install new malicious skills on your Amazon Alexa smart assistant devices and spy on your activities remotely, thanks to newly discovered flaws.

Details: https://thehackernews.com/2020/08/amazon-alexa-hacking-skills.html
Explained ➤ How hackers can remotely decrypt VoLTE encryption to eavesdrop on "targeted phone calls" using a newly introduced attack called 'ReVoLTE.'

Details and demo here: https://thehackernews.com/2020/08/a-team-of-academic-researcherswho.html
Researchers exploited a vulnerability in the Emotet malware to create a kill switch and prevented it from spreading for six months.

Details — https://thehackernews.com/2020/08/emotet-botnet-malware.html
Watch Out! A critical vulnerability affecting the Jetty web server bundled with Jenkins could let unauthenticated, remote attackers access sensitive information through HTTP responses, including session identifiers, authentication credentials and cookies, and other sensitive data.

Read details: https://thehackernews.com/2020/08/jenkins-server-vulnerability.html

Security patches are included in the latest Jenkins 2.243 and Jenkins LTS 2.235.5 releases.
A new memory-related vulnerability (CVE-2020-4414) affects IBM's Db2 family of data management products and could allow a local attacker to access sensitive data or cause a denial of service.

https://thehackernews.com/2020/08/ibm-data-management.html