Security News

Spyware maker NSO runs scared from Facebook over WhatsApp hacking charges, fails to show up in court
2020-03-09 11:39

The Social Network chalked up an easy win this week when a US court issued a default notice in its favor against Israeli spyware builder NSO group. Facebook filed suit back in 2019, alleging NSO developed code for exploits in acquired crypto chat app WhatsApp.

Google stops indexing WhatsApp chats; other search engines still at it
2020-02-25 17:51

A simple Google search could lead people to invite codes that would let them find and join private WhatsApp group chats, given that the pages were indexed by Google. This is past tense, at least for Google search: as of Saturday, WhatsApp tweaked the glitch out of existence, though the search was still working on other, major search engines as of today.

WhatsApp Defends Encryption as It Tops 2 Billion Users
2020-02-13 13:27

The Facebook-owned messaging service WhatsApp said Wednesday it now has more than two billion users around the world as it reaffirmed its commitment to strong encryption to protect privacy. The statement said WhatsApp remained committed to its "Strong encryption" that enables users to connect privately even amid calls by law enforcement in the United States and elsewhere to provide more access.

Update now – WhatsApp flaw gave attackers access to local files
2020-02-06 15:39

The immediate problem was caused by a gap in WhatsApp's Content Security Policy, a security layer used to protect against common types of attack, including XSS. Using modified JavaScript in a specially crafted message, an attacker could exploit this to feed victims phishing and malware links in weblink previews in ways that would be invisible to the victim. An underlying problem is that WhatsApp desktop uses older versions of Google's Chromium framework, written using the cross-platform Electron platform.

Terrifying bug in WhatsApp allows hackers to steal files. So get patching all nine of you using it on the desktop
2020-02-05 23:56

A vulnerability in WhatsApp could be exploited to remotely access a victim's files on their computer - if they use the desktop client paired with the iPhone app. The security bug was fixed in January by Facebook in WhatsApp Desktop version 0.3.9309 and later.

WhatsApp Bug Allows Malicious Code-Injection, One-Click RCE
2020-02-05 16:50

Security researchers have identified a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware campaigns through notification messages that appear completely normal to unsuspecting users. "Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message."

Vulnerability in WhatsApp Desktop Exposed User Files
2020-02-05 15:34

The vulnerability was discovered by PerimeterX security researcher Gal Weizman, who said he found multiple issues in WhatsApp Desktop, starting with an open redirect into persistent XSS and Content Security Policy bypass, and then a "Cross platforms read from the local file system." One of the main issues Weizman identified was that an attacker could modify WhatsApp reply messages to include quotes of messages the recipient never sent.

This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs
2020-02-04 20:22

When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac computer of a victim using the WhatsApp desktop app by merely sending a specially crafted message. In a blog post published today, Weizman revealed that WhatsApp Web was vulnerable to a potentially dangerous open-redirect flaw that led to persistent cross-site scripting attacks, which could have been triggered by sending a specially crafted message to the targeted WhatsApp users.

This WhatsApp Bug Could Have Let Attackers Access Files On Your PCs
2020-02-04 12:22

When combined together, the reported issues could have even enabled hackers to remotely steal files from the Windows or Mac computer of a victim using the WhatsApp desktop app by merely sending a specially crafted message. In a blog post published today, Weizman revealed that WhatsApp Web was vulnerable to a potentially dangerous open-redirect flaw that led to persistent cross-site scripting attacks, which could have been triggered by sending a specially crafted message to the targeted WhatsApp users.

Bezos, WhatsApp Cyberattacks Show Growing Mobile Sophistication
2020-01-30 18:03

Beyond these high-profile instances, various journalists and human rights activists have been targeted globally after a WhatsApp zero-day vulnerability was exploited by attackers who were able to inject spyware onto victims' phones. Vanunu, head of products vulnerability research at Check Point research, has seen his share of WhatsApp vulnerabilities - the researcher at Black Hat 2019 demoed several flaws in the messaging platform could be used to manipulate chats, for instance.