Saturday, July 11, 2020

Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack

Researcher warns the highly-rated Kasa family of security cameras has bugs that give hackers access to private video feeds and settings.

Google Bans Stalkerware Ads – With a Loophole

Starting in August Google is banning ads of products or services promoting stalkerware.

Smartwatch Hack Could Trick Dementia Patients into Overdosing

Attackers could hack the smartwatch and send dementia patients alerts for taking their medication.

Report: Most Popular Home Routers Have ‘Critical’ Flaws

Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix.

Microsoft Warns on OAuth Attacks Against Cloud App Users

Application-based attacks that use the passwordless "log in with..." feature common to cloud services are on the rise.

Zoom Zero-Day Allows RCE, Patch on the Way

Researchers said that the issue is only exploitable on Windows 7 and earlier.

Joker Android Malware Dupes Its Way Back Onto Google Play

A new variant of the Joker malware has hoodwinked its way onto the Google Play marketplace yet again, in 11 Android apps that were recently removed.

BlueLeaks Server Seized By German Police: Report

The server contained almost 270 gigabytes of data collected from 200 police departments, law enforcement training and support resources and fusion centers.

‘Undeletable’ Malware Shows Up in Yet Another Android Device

Researchers have found trojans and adware in preinstalled apps on a low-cost device distributed by the government-funded Lifeline Assistance Program.

Advertising Plugin for WordPress Threatens Full Site Takeovers

Thousands of vulnerable websites need to apply the patch to avoid RCE.

Notorious Hacker ‘Fxmsp’ Outed After Widespread Access-Dealing

The Kazakh native made headlines last year for hacking McAfee, Symantec and Trend Micro; but the Feds say he's also behind a widespread backdoor operation spanning six continents.

Microsoft Seizes Malicious Domains Used in Mass Office 365 Attacks

The phishing campaign targeted Office 365 accounts in 62 countries, using business-related reports and the coronavirus pandemic as lures.

15 Billion Credentials Currently Up for Grabs on Hacker Forums

Unprecedented amounts of data for accessing bank accounts and streaming services are being flogged on the dark web.

BEC Hotshot with Opulent Social Media Presence to Face U.S. Charges

The Nigerian native has been extradited from Dubai after a string of over-the-top Instagram posts.

Keeper Threat Group Rakes in $7M from Hundreds of Compromised E-Commerce Sites

Researchers warn that Keeper, using Magecart code, will launch increasingly sophisticated attacks against online merchants worldwide in the coming months.

Cerberus Banking Trojan Unleashed on Google Play

The Cerberus malware can steal banking credentials, bypass security measures and access text messages.

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

Admins should patch their Citrix ADC and Gateway installs immediately.

Credit-Card Skimmer Has Unlikely Target: Microsoft ASP.NET Sites

A campaign discovered by Malwarebytes Labs in mid-April has lifted credentials from a number of e-commerce portals.

First-Ever Russian BEC Gang, Cosmic Lynx, Uncovered

Researchers warn that Cosmic Lynx targets firms that don't use DMARC and uses a "mergers and acquisitions" pretext that can lead to large sums of money being stolen.

Android Users Hit with ‘Undeletable’ Adware

Researchers say that 14.8 percent of Android users who were targeted with mobile malware or adware last year were left with undeletable files.

Windows 10 Security Game-Changer As Microsoft Reveals New Hacker Protection

Microsoft is set to bring a powerful new security feature to Windows 10 that just might be a game-changer.

15 Billion Stolen Logins Are Circulating on the Dark Web

Plus: Facebook's Roger Stone takedown, the BlueLeaks server seizure, and more of the week's top security news.

The Hacker News

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content,...

Is TikTok Seriously Dangerous—Do You Need To Delete It?

Here's the reality behind all the headlines...

iPhone User Sues LinkedIn For Reading Clipboard Data After iOS 14 Alert Revelations

The fallout from Apple's new iOS 14 privacy notification feature continues as one iPhone user files a class-action lawsuit against LinkedIn for silently reading clipboard data.