Hacker Discloses New Windows Zero-Day Exploit On Twitter

A security researcher with Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability.
SandboxEscaper posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the vulnerability that appears to be a privilege escalation flaw residing in Microsoft Data Sharing (dssvc.dll).

British Airways Data Breach Takes Off Again with 185K More Victims

The news comes on the heels of a breach at Cathay Pacific exposing 9.4 million people.

British Airways said that the data breach it first reported in September is larger than previously thought. It has added an additional 185,000 victims to the official tally.

The airline said that hackers may have stolen personal data connected to an additional 77,000 payment cards, including name, billing address, email address and card payment information – including card number, expiry date and CVV. And, it uncovered a further 108,000 cards that were exposed without CVV.

18,000 Android apps found with malicious code that steals messages

Researchers from Palo Alto Networks, has confirmed that Taomike, a Chinese mobile advertising company, has been distributing a malicious Software Development Kit (SDK) that allows Android developers for implementing in-app purchases (IAPs) for Android apps.

The SDK, which can be downloaded for free via Taomike, steals all messages on infected phones and sends them to the Taomike controlled server.

Hackers Used Malicious MDM Solution to Spy On 'Highly Targeted' iPhone Users

Security researchers have uncovered a "highly targeted" mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India.

The attackers, who are also believed to be operating from India, were found abusing mobile device management (MDM) protocol—a type of security software used by large enterprises to control and enforce policies on devices being used their employees—to contol and deploy malicious applications remotely. click here