Security News
Meta has sued several Chinese companies doing business as HeyMods, Highlight Mobi, and HeyWhatsApp for developing and allegedly using "unofficial" WhatsApp Android apps to steal over one million WhatsApp accounts starting May 2022. Once installed, the apps used bundled malware to harvest sensitive information, including account authentication information, and hijack victims' WhatsApp accounts to send spam messages.
Ever given a colleague a quick Signal call so you can sidestep a monitored workplace app? Well, we'd hope you're not in a highly regulated industry like staff at eleven of the world's most powerful financial firms, who yesterday were fined nearly $2 billion for off-channel comms. Banking giants including Goldman Sachs, Credit Suisse, and Citigroup agreed to pay $1.1 billion in penalties from the US Securities and Exchange Commission and $710 million in fines from the Commodity Futures Trading Commission in separate actions on Tuesday for failing to monitor and stop their workers from using unauthorized messaging apps.
One of them concerns CVE-2022-36934, a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts WhatsApp and WhatsApp Business for Android and iOS prior to version 2.22.16.12.
For the last day or two, our news feed has been buzzing with warnings about WhatsApp. Even access to a single "sandboxed" app and its data can be all that an attacker wants or needs, especially if that app is the one you use for communicating securely with your colleagues, friends and family, like WhatsApp.
Iran is experiencing a near-total internet service disruption in the west and intermittent interruptions nationwide, with access to Instagram, WhatsApp and some mobile networks being blocked, says Netblocks. While Twitter and Facebook were banned in Iran years ago, Instagram and WhatsApp remained among the few accessible social media platforms in the country.
Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps. So system library is used by any app, it triggers the execution of a trojan incorporated in libmtd.
The UK Information Commissioner's Office on Monday issued a reprimand and called for a review of how and whether messaging services should be used for government business practices, after finding widespread and potentially dangerous use of private email, WhatsApp and other messaging tools by officials at the Department of Health and Social Care. The actions ordered by ICO came after a year-long investigation as to whether the DHSC was compliant with the UK General Data Protection Regulations, the UK Data Protection Act 2018 and the Freedom of Information Act 2000 during the COVID-19 pandemic.
Sasi says that an attacker first needs to convince the victim to make a call to a number that starts with a Man Machine Interface code that the mobile carrier set up to enable call forwarding. "First, you receive a call from the attacker who will convince you to make a call to the following number **67* or *405*. Within a few minutes, your WhatsApp would be logged out, and the attackers would get complete control of your account" - Rahul Sasi.
WhatsApp is down according to user reports mentioning issues connecting to the messaging platform and the inability to send messages although still connected. Outage site DownDetector shows thousands of user reports that started streaming in around 4:15 PM EST, with affected WhatsApp users reporting the same issues from Europe, North and South America, and Asia.
Hackers employ voicemail phishing attacks on WhatsApp users. Hackers are continuing to get more creative when it comes to stealing personal information, and WhatsApp users should be on alert for any suspicious-looking emails.