Heads Up! Adobe on Tuesday, August 11, will release important security patch updates for Adobe Acrobat and Reader affecting Windows and macOS users.
DEF CON 28: A cybersecurity researcher demonstrated several vulnerabilities affecting the Zoom video conferencing app for Linux, its production and development infrastructure, and the implementation of end-to-end encryption.
Read details: https://thehackernews.com/2020/08/zoom-software-vulnerabilities.html
Warning: If you're using TeamViewer, make sure it's updated to the latest version.
TeamViewer recently patched a new vulnerability that could let remote attackers steal your system login credentials and compromise the system, just by convincing you to visit a malicious web page once.
Read details: https://thehackernews.com/2020/08/teamviewer-password-hacking.html
The Hacker News
TeamViewer Flaw Could Let Hackers Steal System Password Remotely
A new vulnerability (CVE-2020-13699) affecting TeamViewer software could let hackers steal your system login password remotely.
🔥 Watch Out! A new critical vBulletin zero-day RCE vulnerability and its PoC exploits have been publicly disclosed, allowing attackers to bypass the patch for an old RCE bug (CVE-2019-16759) and remotely compromise sites.
Details — https://thehackernews.com/2020/08/vBulletin-vulnerability-exploit.html
A recently patched flaw in Chromium-based browsers—Chrome, Opera, or Edge for Windows, Mac, and Android—could let attackers bypass Content Security Policy (CSP) protection.
Details: https://thehackernews.com/2020/08/chrome-csp-bypass.html
Keep your web-browser software up-to-date.
PATCH! UPDATE! ALERT!
Newly discovered critical vulnerabilities could let unauthenticated attackers compromise on-premise Citrix XenMobile servers, an enterprise mobility management solution that enables companies to manage their employees' devices from a centralized system.
https://thehackernews.com/2020/08/citrix-endpoint-management.html
Multiple flaws in the 'Find My Phone' feature installed on Samsung Android smartphones could have allowed malicious app operators to:
✅ track victims' real-time location,
✅ monitor phone calls & messages,
✅ wipe data stored on the device.
Read details: https://thehackernews.com/2020/08/samsung-find-my-phone-hacking.html
⚡Hey Alexa, don't try to be too smart!
Just opening a link could've allowed hackers to install new malicious SKILLS on your Amazon Alexa smart assistant devices and spy on your activities remotely—thanks to newly discovered flaws.
Details: https://thehackernews.com/2020/08/amazon-alexa-hacking-skills.html
Explained ➤ How hackers can remotely decrypt VoLTE encryption to eavesdrop on "targeted phone calls" using a newly introduced attack called 'ReVoLTE.'
Details and demo here: https://thehackernews.com/2020/08/a-team-of-academic-researcherswho.html
Researchers exploited a vulnerability in Emotet malware to create a KILL-SWITCH, and prevented it from spreading for six months.
Details — https://thehackernews.com/2020/08/emotet-botnet-malware.html
Watch Out! A critical vulnerability affecting Jenkins web-server [jetty] could let unauthenticated, remote attackers access sensitive information through HTTP responses—including session identifiers, authentication credentials/cookies, and other sensitive information.
Read details: https://thehackernews.com/2020/08/jenkins-server-vulnerability.html
Security patches are included in the latest Jenkins 2.243 and Jenkins LTS 2.235.5 releases.
A new memory-related vulnerability (CVE-2020-4414) affecting IBM's Db2 family of data management products could allow a local attacker to access sensitive data or cause DoS attacks.
https://thehackernews.com/2020/08/ibm-data-management.html
Microsoft issues emergency out-of-band security updates for Windows 8.1, RT 8.1, and Server 2012 R2 systems to patch two recently disclosed privilege escalation bugs (CVE-2020-1530 & CVE-2020-1537) affecting Remote Access Service (RAS).
Read: https://thehackernews.com/2020/08/windows-update-download.html
Experian's South Africa unit suffered a data breach incident exposing the personal information of 24 million customers and 793,749 business entities.
Read details — https://thehackernews.com/2020/08/experian-data-breach-attack.html
The credit rating agency says the attacker behind this breach has been identified.
Oh, JOBS! Hackers posing as recruiters in #malware attacks.
FBI and CISA are warning companies about a new malware, dubbed 'BLINDINGCAN,' which North Korean hackers are using to spy on high-value employees at targeted government contractors.
https://thehackernews.com/2020/08/job-offer-hackers.html
Uber's former Chief Security Officer, Joe Sullivan, has been charged with covering up the massive 2016 data breach by paying hackers a $100,000 ransom as a bug bounty reward.
Details: https://thehackernews.com/2020/08/uber-data-breach-cover-ups.html
This incident, which exposed 57 million users' data, was disclosed to the public almost a year later when Sullivan left the company.
⚠️ BEWARE !!!
A Google Drive 'Feature' — Unpatched Yet — Could Let Attackers Trick You Into Installing Malware Using Convincing Spear Phishing Attacks.
Learn more about it and watch demos: https://thehackernews.com/2020/08/google-drive-file-versions.html
Update your Apache-powered servers!
Google researcher reported 3 flaws in Apache that could lead to code execution and, in some scenarios, even allow attackers to cause a crash and denial of service remotely.
https://thehackernews.com/2020/08/apache-webserver-security.html
CVE-2020-9490
CVE-2020-11984
CVE-2020-11993
A Popular iOS SDK Has Been Caught Spying on Billions of Apple Users and Committing Ad Fraud.
Read Details: https://thehackernews.com/2020/08/ios-sdk-ad-fraud.html
⚡APT hackers-for-hire ...
APT hackers hired by competing private companies exploit #Autodesk 3ds Max software to steal sensitive information from industrial targets.
Read details & get IoCs:
https://thehackernews.com/2020/08/autodesk-malware-attack.html