Security News

UPDATE. A new Android malware family has been discovered, which targets popular messaging apps like WhatsApp and Facebook Messenger to gather intelligence on Android victims. Researchers assess with "High confidence" that the malware is operated by Wolf Research, a Germany-based spyware organization that develops and sells espionage-based malware to governments.

In an effort to stem what it says is misinformation being spread on its platform, WhatsApp is limiting the number of recipients to which its users can forward certain messages about the COVID-19 pandemic. Now, users of the Facebook-owned messaging app can only forward messages with double arrows - i.e., those that did not originate from a close contact - to one person rather than multiple WhatsApp contacts, according to a company post published Tuesday.

WhatsApp on Tuesday placed new limits on message forwarding as part of an effort to curb the spread of misinformation about the coronavirus pandemic. The new policy limits users to forwarding certain messages to one "Chat" at a time, aiming to limit the rapid propagation of content which is provocative but likely to be false.

Last week we wrote about a WhatsApp hoax that was spreading widely, warning people to look out for a cybersecurity catastrophe that simply wasn't going to happen. The City of London Police in turn link you to UK National Fraud and Cyber Crime Reporting Centre's ActionFraud website, where you will see that the "City of London Police hasn't issued any alerts about fake messages from Danske Bank.".

Join Sophos experts for the latest cybersecurity news and advice.

An IT colleague has advised that a video comes out tomorrow from WhatsApp called martinelli do not open it , it hacks your phone and nothing will fix it. If you receive a message to update the WhatsApp to WhatsApp Gold, do not click!!!!!

The Social Network chalked up an easy win this week when a US court issued a default notice in its favor against Israeli spyware builder NSO group. Facebook filed suit back in 2019, alleging NSO developed code for exploits in acquired crypto chat app WhatsApp.

A simple Google search could lead people to invite codes that would let them find and join private WhatsApp group chats, given that the pages were indexed by Google. This is past tense, at least for Google search: as of Saturday, WhatsApp tweaked the glitch out of existence, though the search was still working on other, major search engines as of today.

The Facebook-owned messaging service WhatsApp said Wednesday it now has more than two billion users around the world as it reaffirmed its commitment to strong encryption to protect privacy. The statement said WhatsApp remained committed to its "Strong encryption" that enables users to connect privately even amid calls by law enforcement in the United States and elsewhere to provide more access.

The immediate problem was caused by a gap in WhatsApp's Content Security Policy, a security layer used to protect against common types of attack, including XSS. Using modified JavaScript in a specially crafted message, an attacker could exploit this to feed victims phishing and malware links in weblink previews in ways that would be invisible to the victim. An underlying problem is that WhatsApp desktop uses older versions of Google's Chromium framework, written using the cross-platform Electron platform.