WARNING: Update your iOS devices now!
Apple releases emergency iOS update to patch 3 actively exploited 0-day vulnerabilities.
Read details: https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html
✅ CVE-2020-27930
✅ CVE-2020-27932
✅ CVE-2020-27950
Popular software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung successfully PWNED at Tianfu Cup 2020 cybersecurity contest—with previously unseen exploits.
Read details: https://thehackernews.com/2020/11/windows-10-ios-chrome-firefox-and.html
November 2020 Patch Tuesday — Microsoft releases security updates for 112 newly discovered vulnerabilities, including an actively exploited zero-day flaw (CVE-2020-17087) disclosed by Google's security team last week.
https://thehackernews.com/2020/11/microsoft-releases-windows-security.html
In the latest wave of cyberattacks against online shopping websites, Magecart 'Cardbleed' credit card hackers compromised over 2800 websites running outdated Magento e-commerce software.
Details: https://thehackernews.com/2020/11/over-2800-e-shops-running-outdated.html
🔥 Watch Out! A new PoS (point-of-sale) malware — dubbed "ModPipe" — has been found stealing data from ORACLE MICROS systems at restaurants, hotels, and other hospitality establishments.
Read details: https://thehackernews.com/2020/11/new-modpipe-point-of-sale-pos-malware.html
⚡ SAD DNS Attack !!!
A series of new vulnerabilities (CVE-2020-25705) in Linux, Windows, macOS, and FreeBSD systems re-enable classic DNS cache poisoning attacks, leaving millions of users vulnerable.
Details: https://thehackernews.com/2020/11/sad-dns-new-flaws-re-enable-dns-cache.html
North Korean hackers abuse legitimate security software and stolen digital certificates to target Internet users in South Korea with RAT malware.
Details: https://thehackernews.com/2020/11/trojanized-security-software-hits-south.html
A researcher publicly revealed PoCs for as many as 12 Pre-Auth RCE vulnerabilities affecting Cisco Security Manager (CSM)—a week after the company quietly released an updated version without disclosing any of them.
Details: https://thehackernews.com/2020/11/researcher-discloses-critical-rce-flaws.html
Cybersecurity researchers today unveiled a complex and targeted espionage attack on potential government sector victims in South East Asia that they believe was carried out by a sophisticated Chinese APT group at least since 2018.
Read details: https://thehackernews.com/2020/11/chinese-apt-hackers-target-southeast.html
A new feature in macOS Big Sur allows Apple's own apps to bypass firewalls and VPNs—potentially letting malware also exploit the same shortcoming to access sensitive data stored on users' systems and transmit them to remote servers.
Read: https://thehackernews.com/2020/11/apple-lets-some-of-its-big-sur-macos.html
Wanna learn how to hack Bluetooth devices?
Try BLE HackMe, a free tool for Windows 10 that simulates various BLE devices without the need for any dedicated hardware and offers various hands-on hacking challenges for practice.
http://smartlockpicking.com/ble_hackme/
Smartlockpicking
Bluetooth Low Energy HackMe: the best way to learn BLE security basics while having fun!
Bluetooth Low Energy HackMe is a free, open source tool: hands-on practical introduction to BLE security - without the need of any special hardware. Application simulates various BLE devices using your laptop's built-in Bluetooth adapter. You can actively…
A critical vulnerability uncovered in Real-Time Automation's (RTA) 499ES EtherNet/IP stack could open up Industrial Control Systems (ICS) to remote cyberattacks.
Read details: https://thehackernews.com/2020/11/researchers-warn-of-critical-flaws.html
WARNING — Don't Share images, videos, or voice messages over the "GO SMS Pro" app.
With over 100 MILLION installs, the popular messaging app contains an UNPATCHED flaw that could let anyone access any media file transferred b/w users.
Details: https://thehackernews.com/2020/11/warning-unpatched-bug-in-go-sms-pro-app.html
🔥 A Critical Bug in Facebook Messenger App for Android Could've Let Hackers Listen to the Person You Are Calling Before They Even Pick Up.
Read details: https://thehackernews.com/2020/11/facebook-messenger-bug-lets-hackers.html
🔥 WARNING — A critical UNPATCHED command injection vulnerability (CVE-2020-4006 / CVSSv3 9.1) affects multiple VMware products, allowing attackers to take control of vulnerable corporate systems.
Details: https://thehackernews.com/2020/11/critical-unpatched-vmware-flaw-affects.html
BEWARE! Stantinko adware and coin-mining botnet is now targeting Linux servers with a new version of PROXY malware to fly under the radar.
Read details: https://thehackernews.com/2020/11/stantinko-botnet-now-targeting-linux.html
Two highly popular Android apps from Chinese tech giant Baidu—Maps and Search Box—have been caught collecting sensitive user details, leaving millions of users trackable online.
Read more: https://thehackernews.com/2020/11/baidus-android-apps-caught-collecting.html
A new two-factor authentication (2FA) bypass flaw reported in cPanel and WHM—popular web hosting administrative software.
Details: https://thehackernews.com/2020/11/2-factor-authentication-bypass-flaw.html
Interpol arrests 3 Nigerian BEC scammers for compromising over 500,000 government and private sector companies in more than 150 countries.
Read details: https://thehackernews.com/2020/11/interpol-arrest-3-nigerian-bec-scammers.html
A new version of digitally-signed Bandook Trojan spotted in the wild, once again aiming at high-value targets across multiple sectors, including government, financial, energy, food industry, healthcare, education, IT, and legal institutions.
https://thehackernews.com/2020/11/digitally-signed-bandook-malware-once.html