Saturday, July 11, 2020

Russian hacker found guilty for Dropbox, LinkedIn, and Formspring breaches

Sentencing scheduled for September 2020.

Researchers create magstripe versions from EMV and contactless cards

Banking industry loophole reported more than a decade ago still remains open and ripe for exploitation today.

Amazon tells employees to remove TikTok from their phones due to security risk

Accessing the TikTok website from work laptops is still allowed, according to an internal email Amazon sent to employees today.

Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data

The backdoor accounts grant access to a secret Telnet admin account running on the devices' external WAN interface.

Smartwatch tracker for the vulnerable can be hacked to send medication alerts

API issues could be exploited to make calls, spy on users, send fake messages, and more.

KingComposer patches XSS flaw impacting 100,000 WordPress websites

The vulnerability could be exploited to execute malicious payloads in visitor browsers.

Google bans stalkerware ads

New Google Ads policy that bans stalkerware enters into effect on August 11.

Zoom working on patching zero-day disclosed in Windows client

Security firm has disclosed today a zero-day vulnerability in Zoom's Windows client.

Researchers connect Evilnum hacking group to cyberattacks against Fintech firms

The APT is also a loyal customer of Golden Chickens, a Malware-as-a-Service outfit.

Google abandons Isolated Region cloud services project in China

Google says the Isolated Region project was scrapped due to other services offering “better outcomes.”

More pre-installed malware has been found in budget US smartphones

Cheap phones often have tradeoffs but researchers say this should never compromise user safety.

Nvidia fixes code execution vulnerability in GeForce Experience

Security updates have also been released for the JetPack software development kit.

Conti ransomware uses 32 simultaneous CPU threads for blazing-fast encryption

The Conti ransomware also abuses the Windows Restart Manager component to unlock apps and free up their data (for encryption).

Microsoft’s new KDP tech blocks malware by making parts of the Windows kernel read-only

New KDP security feature is currently being tested with Windows 10 Insider builds.

Google open-sources Tsunami vulnerability scanner

Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as little false-positives as possible.

Civil rights auditors slam Facebook stance on Trump, voter suppression

Facebook has admitted there is still a “long way to go” to quell recent criticism of civil rights issue handling.

Fxmsp hacker indicted by feds for selling backdoor access to hundreds of companies

Backdoors into government networks and corporations were allegedly sold to other criminal enterprises.

Mozilla suspends Firefox Send service while it addresses malware abuse

Mozilla has temporarily suspended the Firefox Send file-sharing service while it adds a Report Abuse mechanism.

Free decryptor available for ThiefQuest ransomware victims

ThiefQuest (EvilQuest) ransomware victims can now recover their encrypted files for free, without needing to pay the ransom demand.

German authorities seize server that hosted data on US cops

BlueLeaks portal is now down. The website hosted 296 GB of files stolen from more than 200 US police departments and fusion training centers.

Windows 10 Security Game-Changer As Microsoft Reveals New Hacker Protection

Microsoft is set to bring a powerful new security feature to Windows 10 that just might be a game-changer.

15 Billion Stolen Logins Are Circulating on the Dark Web

Plus: Facebook's Roger Stone takedown, the BlueLeaks server seizure, and more of the week's top security news.
The Hacker News

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content,...

Is TikTok Seriously Dangerous—Do You Need To Delete It?

Here's the reality behind all the headlines...

iPhone User Sues LinkedIn For Reading Clipboard Data After iOS 14 Alert Revelations

The fallout from Apple's new iOS 14 privacy notification feature continues as one iPhone user files a class-action lawsuit against LinkedIn for silently reading clipboard data.