CVE-2019-11043 🔥
A new RCE flaw in #PHP 7+ could allow attackers to hack sites running on #Nginx with php-fpm enabled on certain configurations—which is reportedly not uncommon.
Read Details ➤ https://t.co/coTu2lh1bK
➡️ PHP released patches
➡️ Researcher released PoC exploit
According to an official security advisory, the latest Exim the flaw (CVE-2019-16928) could potentially allow remote attackers to execute arbitrary code (RCE) on the vulnerable servers.
Read more: https://t.co/wVXyPhAs12
#infosec#cybersecurity
A #privacy flaw in Kaspersky #antivirus products by-default exposed its users to cross-site online tracking—even in incognito mode.
https://t.co/mfJU0whFMr
The 4-year-old flaw, CVE-2019-8286, could have allowed online trackers to identify you without even using browser cookies.
Important ➤ No, #Slack has not been breached again.
Company is just sending a quick notification to all those users who have not changed their password since 2015 #databreach and decided to reset passwords for all of them as a precautionary step.
Israel Defense Force neutralizes an "attempted" #cyberattack by blowing up a building in Gaza from where it claims the attack was originated by the jihadist hackers of Palestinian Hamas militant group.
https://t.co/6F1hoDjv0v
Here's an airstrike video shared by IDF.
📢 Did you know we have a Telegram channel?
👉 https://t.co/nTOCs9UYpD
Join official @TheHackerNews Telegram channel for breaking news alerts and updates on your phone.
#UCBrowser has been designed to download plugins from the company's servers and install them on users' devices without re-installing the app.
Turns out that the app communicates over HTTP and installs unsigned plugins, thus allowing MiTM attackers to push malicious modules.
[New] #Magecart hackers target bedding retailers "My Pillow" and "Amerisleep," and managed to steal payment card details for some of their customers
https://t.co/rAH3RSd9X7
—by @Unix_Root
Ransomware [LockerGoga] Attack Forces Norsk Hydro—One of the World's Largest Aluminum Manufacturers—to Shutdown Operations at Several of Its Plants Across Europe and the U.S.
https://t.co/rsSPsCvCAB
By @unix_root#cybersecurity#hacking#ransomware#infosec
EXCLUSIVE — A hacker who previously claimed to have hacked massive databases [millions of records] from multiple websites and then put them online for sale in 3 rounds has now come back with a new set of databases breached from 6 other websites
(story coming shortly, stay tuned)
⚠️ WARNING – Watch out for this new type of extremely creative #phishing attacks that even most vigilant users could fall for.
https://t.co/Pk253FLKbJ
Can you spot what's wrong with that OAuth browser window? 😉
—by @unix_root
UPDATE — Tainted "go-pear.phar" found on #PHP PEAR site appears to be planted after the last official release on 20 Dec, 2018
https://t.co/STdfQsNiek
Malicious file "spawn a reverse shell to IP 104.131.154.154" from infected servers, allowing attackers to take control over them
That Was Quick → Chinese Police have arrested a 22-year-old hacker for creating and spreading #ransomware across #China that compromised over 100,000 computers in just past 5 days, asking victims to pay ransom amount via #WeChat payment service.
https://t.co/s8XzLqpn49
BREAKING: Chinese #Spying Microchips Found Hidden On Server Motherboards Used By Top U.S. Companies, Including Apple, Amazon and 28 Others.
https://t.co/wgodP9UZZk
These Tiny Malicious Chips were Inserted During the Motherboards' Manufacturing Process in China.