Search This Blog

Showing posts with label Israel. Show all posts

Flaw in WhatsApp could allow hackers alter messages







A cybersecurity firm has unearthed flaws in the messaging app WhatsApp that could let hackers alter users messages and change the texts.

Israeli-based cybersecurity firm Check Point Research (CPR) discovered the flaw, which could be exploited in three ways,  and warned that 'malicious actors' could easily use the glitch to spread misinformation and fake news.

 The experts detailed their findings at the Black Hat cyber-security conference in Las Vegas, which was attended by many other cybersecurity experts.

They screened a video in support of their findings. The video showed how swiftly a message can be manipulated.

The team claim that they notified Facebook about the issue last year, but they did not heed to their claims, as a result, it is yet to be resolved. 

In a written statement released by the CPR's site, the company said: 'Towards the end of 2018, Check Point Research notified WhatsApp about new vulnerabilities in the popular messaging application that would enable threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers the power to create and spread misinformation from what appear to be trusted sources.

'We believe these vulnerabilities to be of the utmost importance and require attention.' 
However, WhatsApp spokesman declined to comment.



Israeli spyware firm NSO can mine data from social media accounts









An Israeli spyware firm has claimed that they can scoop  user data from the world’s top social media, the Financial Times report. 

The powerful malware Pegasus from NSO Group is the same spyware that breached WhatsApp data earlier this year. 

The firm said that this time their malware can scrap data from the servers of Apple, Google, Amazon, Facebook, and Microsoft. 

According to the reports of the Times, the NSO group had “told buyers its technology can surreptitiously scrape all of an individual’s data from the servers of Apple, Google, Facebook, Amazon and Microsoft, according to people familiar with its sales pitch”.

However, the companies spokesperson denied the allegation in a in written statement to AFP’s request for comment. 
“There is a fundamental misunderstanding of NSO, its services and technology,” it said.

“NSO’s products do not provide the type of collection capabilities and access to cloud applications, services, or infrastructure as listed and suggested in today’s FT article.”

In the mean time, Amazon and Google told AFP that they have started an investigation on the basis of report, but so far found no evidence that the software had breached their systems or customer accounts.




WhatsApp vulnerability let attackers install Israeli Spyware on phones





A new vulnerability discovered in the WhatsApp allowed attackers install a malicious code on iPhones and Android phones by ringing up a target device.

“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number,” WhatsApp said. 

The company discovered the vulnerability and later issued a security patch, although till now, it is not known how many people have been affected by this. 

According to the reports, the attackers targeted the device by just placing a call, even if you didn’t answered a call, the malicious code could be transmitted to your phone and a log of the call often disappeared. 

WhatsApp is urging all its users to upgrade their app after it released a software update yesterday. 

'We believe a select number of users were targeted through this vulnerability by an advanced cyber actor,' WhatsApp told the Financial Times.

'This attack has all the hallmarks of a private company known to work with governments to deliver spyware that reportedly takes over the functions of mobile phone operating systems.

As per the Financial Times reports, the spyware was developed by NSO Group, an Israeli cybersecurity and intelligence company.


Iranian Hackers Come Worryingly close To Israel’s Missile Warning System





Israel's military scrambles to protect alerts from being undermined as Iranian hackers came 'worryingly close' to their missile warning system. In the wake of observing them to recognize their intent, the military blocked them after distinguishing the hackers in 2017 and when it turned out to be clear what their objective was.

Brigadier General Noam Shaar, outgoing head of the cyber defense division in the army's Cyber Defense Directorate, who has been associated with building up Israel's cyber defense operations for as far back as 20 years, says that,“We dealt with them and built another barrier and another monitoring system to make sure we could stop them if they tried again. We can’t wait until Iranian cyber becomes a major, major threat,”

While the U.S. - based cyber security firm FireEye Inc. in the wake of following attackers for a while, said in January that Iran could be behind a rush of hacks on government and communications infrastructure over the Middle East, North Africa, Europe and North America, Iran’s Information and Communications Technology Ministry and Telecommunications Ministry had no remarks on its supposed exercises.

In any case Iran has blamed Israel for cyber-attacks, as well, most recently in November when it said it rebuffed an Israeli cyber-attack on its telecommunications infrastructure.

Rhea Siers, a former senior official at the U.S. National Security Office, even says that, “The Iranians have been eager ‘to make themselves known’ in the cyber domain and have certainly done so, while it is certainly true that Israel is a key Iranian cyber target, that is different than assessing Iran’s strength across the entire cyber domain.”