Swati Khandelwal

Yet Another Sudo #Vulnerability! When 'pwfeedback' is enabled, a new Sudo bug could let low privileged #Linux & #macOS users (or malicious programs) execute arbitrary commands with 'root' privileges. Details for CVE-2019-18634 ➤ https://thehackernews.com/2020/02/sudo-linux-vulnerability.html?utm_source=social_share … #infosec #cybersecurity

Wawa Breach ➤➤➤ Hackers put 30 million stolen payment card details for SALE on the #DarkWeb — making it one of the largest payment card breaches of all time. Read more: https://thehackernews.com/2020/01/wawa-credit-card-breach.html?utm_source=social_share … #infosec #cybersecurity

Researcher discloses details of two recently patched potentially dangerous flaws in #Microsoft Azure that could have let hackers target several businesses running web and mobile apps on the cloud servers. Read: https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html?utm_source=social_share … #infosec #cybersecurity #cloudcomputing

CVE-2020-7247 A new critical vulnerability in the OpenSMTPD mail daemon could let remote attackers take complete control over vulnerable OpenBSD and #Linux based e-mail servers by sending specially crafted SMTP messages. Read: https://thehackernews.com/2020/01/openbsd-opensmtpd-hacking.html?utm_source=social_share … via @security_wang

Great News! "Off-Facebook Activity" tool is now available to everyone. Learn how to find which 3rd-party 'websites you visited' or 'apps you used' have shared your activity data with #Facebook and also how to delete it. Read: https://thehackernews.com/2020/01/off-facebook-activity-data.html?utm_source=social_share … #infosec #privacy #tech

If your PC is running on any modern #Intel CPU built before Oct 2018, it's likely vulnerable to a new hardware issue, dubbed CacheOut (CVE-2020-0549), that could let attackers leak sensitive data from OS kernel, VMs and even from SGX enclave. https://thehackernews.com/2020/01/new-cacheout-attack-leaks-data-from.html?utm_source=social_share … #infosec

Researchers demonstrate how unwelcome guests could have found unique Zoom Meeting IDs & remotely eavesdrop on unprotected private sessions. https://thehackernews.com/2020/01/zoom-meeting-password.html?utm_source=social_share … Zoom now by default 'password protect' all meetings, and offers additional controls to prevent enumeration attack.

⮜ Operation Night Fury ⮞ Interpol arrested 3 #Magecart-style Indonesian hackers who compromised hundreds of International e-commerce websites and stole their users' payment card details by implanting JS-sniffers. https://thehackernews.com/2020/01/indonesian-magecart-hackers.html?utm_source=social_share … —by @unix_root

29-year-old Russian pleaded guilty to running: ➤ online marketplace, called CardPlanet, where cybercriminals bought & sold over 150,000 stolen Credit Cards, ➤ invite-only forum where hackers advertised stolen personal data & illegal services https://thehackernews.com/2020/01/russian-credit-card-hacker.html?utm_source=social_share … #infosec

Unprotected Database Exposes 250 Million #Microsoft Customer Support Records Online Read more: https://thehackernews.com/2020/01/microsoft-customer-support.html?utm_source=social_share … #infosec #cybersecurity

Saudi crown prince Mohammed bin Salman 'allegedly' hacked the smartphone of the world's richest man Jeff Bezos by sending him a #WhatsApp message containing a malicious video file, a forensic report claims. https://thehackernews.com/2020/01/saudi-prince-allegedly-hacked-worlds.html?utm_source=social_share … #Infosec #JamalKhashoggi #Amazon #cybersecurity

A month after disclosing existence of a critical RCE vulnerability (CVE-2019-19781) in #Citrix ADC & Gateway software—also under active ATTACKS—the company finally today released the 1st batch of security patches for versions 11.1 & 12.0 Read ➤ https://thehackernews.com/2020/01/citrix-adc-patch-update.html?utm_source=social_share … #infosec

Microsoft issues an advisory warning Windows users of a new zero-day #vulnerability in IE web browser that attackers are actively exploiting in the wild — and there's no patch yet available for it. https://thehackernews.com/2020/01/internet-explorer-zero-day-attack.html?utm_source=social_share … Mitigation & workarounds released — Disable JScript.dll

Advanced Phishing Protection: You can now turn your #iPhone or #iPad into a physical two-factor authentication security key for securely logging into your #Google accounts. Learn how to activate it ➤ https://thehackernews.com/2020/01/google-iphone-security-key.html?utm_source=social_share … It's available to #Android users since last year.

WARNING—Install Windows 10 Updates (Rolling Out Today) Immediately! Microsoft releases patches for a severe Windows #CryptoAPI spoofing vulnerability (CVE-2020-0601) that was discovered by the National Security Agency (NSA). Read more: https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html?utm_source=social_share … #infosec

Adobe releases its first 2020 #PatchTuesday updates to fix a total of 9 new security vulnerabilities in #Adobe Experience Manager and Adobe Illustrator—5 of which are critical in severity. https://thehackernews.com/2020/01/adobe-software-updates.html … Install patches ASAP.