Geekz Snow 2019-08-08

A WhatsApp security vulnerability could allow someone to intercept or manipulate your personal messages to make it look like you said something you didn’t.

A 2018 report from Check Point Research found three vulnerabilities within the popular Facebook-owned app.

Check Point found that an attacker could:

Use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group.

Alter the text of someone else’s reply, essentially putting words in their mouth.

Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it is visible to everyone in the conversation.

Geekz Snow 2019-08-09

Uber and Lyft may soon raise their prices, a bored teenager hacked popular education software, and Apple is upping its bounty to find iPhone vulnerabilities.

Here's the news you need to know, in two minutes or less.

Uber and Lyft suggest the days of cheap rides could be over

Uber and Lyft reported quarterly financial results this week and they're still losing plenty of money.

It seems that for now the two are more focused on improving profitability, and less on competing with each other, which means cheap rides and coupons may soon be a thing of the past.

Geekz Snow 2019-08-08

You probably don’t think too much about your humble office printer.

But they’re a prime target for hackers, if any of the dozens of vulnerabilities found by security researchers are anything to go by.

The latest research by the NCC Group just revealed at the Def Con security conference shows just how easy of a target office printers can be.

Think about it: Office printers at some of the largest organizations in finance, government and tech all print corporate secrets — and classified material — and often keep a recorded copy in their memory.

Printers are also complicated devices — more so than most people realize — with multiple internet-connected components, networking protocols, printer languages and fonts and connected apps and devices, all of which have vulnerabilities.

No wonder they’re a target; office printers are a treasure trove of sensitive data.

Geekz Snow 2019-08-09

Eighteen-year-old Bill Demirkapi, a recent high school graduate in Boston, Massachusetts, spent much of his latter school years with an eye on his own student data.

Through self-taught pen testing and bug hunting, Demirkapi found several vulnerabilities in his school’s learning management system, Blackboard, and his school district’s student information system, known as Aspen and built by Follett, which centralizes student data, including performance, grades, and health records.

The former student reported the flaws and revealed his findings at the Def Con security conference on Friday.

One of the more damaging issues Demirkapi found in Follett’s student information system was an improper access control vulnerability, which if exploited could have allowed an attacker to read and write to the central Aspen database and obtain any student’s data.

Blackboard’s Community Engagement platform had several vulnerabilities, including an information disclosure bug.

A debugging misconfiguration allowed him to discover two subdomains, which spat back the credentials for Apple app provisioning accounts for dozens of school districts, as well as the database credentials for most if not every Blackboard’s Community Engagement platform, said Demirkapi.

Geekz Snow 2019-08-08

Apple is now embracing hackers by offering special iPhones specifically for security researchers.

Apple's head of security, Ivan Krstic, unveiled the new program at Black Hat, a cybersecurity conference in Las Vegas.

They're specifically coded for developers who want to poke around iOS and Apple's hardware to find security flaws.

"This is an unprecedented fully Apple supported iOS security research platform," Krstic said at the conference.

The devices will come with advanced debug capabilities, Krstic added.

Companies often open up to hackers, with bug bounty programs, finding that outside security researchers can find vulnerabilities that their internal security teams might've missed.

Geekz Snow 2019-08-09

Some of the most popular printers in use today could be putting users at risk due to serious security vulnerabilities.

Researchers at the NCC Group have discovered significant vulnerabilities in six commonly used enterprise printers which could open up organizations to potential attacks and data breaches.

The vulnerabilities were uncovered after the team tested multiple aspects of six mid-range enterprise printers including web application and web services, firmware and update capabilities and hardware analysis.

The team tested printers from HP, Ricoh, Xerox, Lexmark, Kyocera and Brother using basic tools to reveal a wide range of vulnerabilities with some emerging almost instantly.

If the vulnerabilities were exploited by attackers, the potential impact could range from denial of service attacks that could cause the printers to crash, backdoors that would allow attackers to maintain a hidden presence on an enterprise network or even the ability to spy on every print job sent and to send print jobs through to unauthorized parties.

Thankfully though, all of the vulnerabilities discovered by NCC Group have either been patched or will be in the near future.

Geekz Snow 2019-08-08

Researchers at the NCC Group have discovered significant vulnerabilities in six commonly used enterprise printers which could open up organizations to potential attacks and data breaches.

The vulnerabilities were uncovered after the team tested multiple aspects of six mid-range enterprise printers including web application and web services, firmware and update capabilities and hardware analysis.

The team tested printers from HP, Ricoh, Xerox, Lexmark, Kyocera and Brother using basic tools to reveal a wide range of vulnerabilities with some emerging almost instantly.

NCC Group will present its findings at several security conferences including DEF CON, Hack in the Box and 44Con later this year.

If the vulnerabilities were exploited by attackers, the potential impact could range from denial of service attacks that could cause the printers to crash, backdoors that would allow attackers to maintain a hidden presence on an enterprise network or even the ability to spy on every print job sent and to send print jobs through to unauthorized parties.

Thankfully though, all of the vulnerabilities discovered by NCC Group have either been patched or will be in the near future.

Geekz Snow 2019-08-08

Now Apple is taking an unprecedented step: distributing a more hacker-friendly iPhone to its favorite researchers, letting them hack the phone on "easy mode" in the interests of making it harder for everyone else.

Its iOS bug bounty will pay out up to $1.5 million for a single attack technique that a researcher discovers and shares discreetly with Apple.

At the Black Hat security conference Thursday, Ivan Krstić, Apple's head of security engineering and architecture, announced a broad revamping of the company's bug bounty program.

These devices will lack some layers of security protections so that their recipients may dig into the deeper, less examined core of the phone.

"We want to attract some of the exceptional researchers who have thus far been focusing their time on other platforms.

They'll also have debugging abilities that will allow researchers to easily scour the phone's code for flaws.

Geekz Snow 2019-08-08

Apple is finally giving security researchers something they’ve wanted for years: a macOS bug bounty.

The technology giant said Thursday it will roll out the bug bounty program to include Macs and MacBooks, as well as Apple TV and Apple Watch, almost exactly three years after it debuted its bug bounty program for iOS.

The idea is simple: you find a vulnerability, you disclose it to Apple, they fix it — and in return you get a cash payout.

These programs are wildly popular in the tech industry as they help to fund security researchers in exchange for serious security flaws that could otherwise be used by malicious actors, and also help fill the void of bug finders selling their vulnerabilities to exploit brokers, and on the black market, who might abuse the flaws to conduct surveillance.

Some security researchers had flat-out refused to report security flaws to Apple in absence of a bug bounty.

At the Black Hat conference in Las Vegas, head of security engineering and architecture Ivan Krstić announced the program to run alongside its existing iOS bug bounty.

Geekz Snow 2019-08-10

Valve's popular PC gaming platform Steam is vulnerable to a hugely damaging zero-day security vulnerability, experts have warned.

According to new findings, around 72 million Windows users are at risk of having their systems taken over by an attacker who could then install malware, steal data, compromise passwords and more.

The vulnerability was disclosed by security researcher Vasily Kravets, who discovered a privilege escalation vulnerability which could allow an attacker with minimal user permissions to gain the same levels of access as the system admin.

A threat actor could take advantage of this by launching malware using those raised privileges, Kravets explained, saying:

"Some of the threats will remain even being run without administrator rights.

Geekz Snow 2019-08-08

That's far from ideal, but even worse is if employees choose to download a second antivirus program.

Antivirus programs often conflict and fight each other, generating false positives and other bad results.

Unlike two deadbolts on a door, doubling up on security not only doesn't work with antivirus, it can actually sharply weaken security.

After all, if the company has already installed a high-level antivirus on the phone, why would an employee pay to install a second?

Every Android antivirus app should be able to detect and stop the attempt," the blog post said.

The apps that couldn't detect Metasploit, according to Comparitech, were AEGISLAB Antivirus Free, Antiy AVL Pro Antivirus & Security, Brainiacs Antivirus System, Fotoable Super Cleaner, MalwareFox Anti-Malware, NQ Mobile Security & Antivirus Free, Tap Technology Antivirus Mobile, and Zemana Antivirus & Security.

Geekz Snow 2019-08-09

Probably the world’s most exclusive iPhone

Ivan Krstić, Apple’s head of security engineering, provided big insights into Apple’s platform security during his presentation at Black Hat U.S. 2019.

The pre-jailbroken device lacks some of the layers of security Apple wraps around iPhones, so it is much easier for researchers to explore these systems for security weaknesses.

Similar devices are widely used in Apple’s factories for testing and quality control, which has spawned a black market in them among security researchers, governments and others -- they are often spirited out of factories for sale.

The idea is that by opening up the platform a little, security pros will find it worthwhile to probe it for vulnerabilities and the black market in such devices will erode.

jony toal 2024-04-03
The global Security And Vulnerability Management Market size is projected to grow from USD 13. The security and vulnerability management market based on services includes both professional services and managed services. The services in the security and vulnerability management market become critical as they provide support for the proper functioning of software solutions. The demand for services in the security and vulnerability management market is expected to be growing in the coming years to support business objectives.

Market Players

Key and innovative vendors in the security and vulnerability management market include IBM (US), AT&T (US), Qualys (US), Rapid7 (US), Tenable (US), RSA Security (US), McAfee (US), Foreseeti (Sweden), F-Secure (Finland), Acunetix (US), Skybox Security (US), SecPod (India), Tripwire (US), Kenna Security (US), Check Point (US), Expanse (US), Digital Defense (US), Positive Technologies (Russia), Outpost24 (Sweden), Brinqa (US), NopSec (US), RiskIQ (US), RiskSense (US), Claroty (US), Holm Security (Sweden), Balbix (US), Intruder (UK), BreachLock (US), and Nucleus Security (US).

Geekz Snow 2019-08-10

She’d recently flown back from a work trip and complained that her fingers had been painfully cold on her drive home from the airport, thanks to below-freezing winter weather and a circulatory system condition known as Raynaud’s disease.

So Jmaxxz had the idea to buy her a remote starter that would connect to her car’s dashboard and, with an accompanying device and app called Linkr, allow her to start the car's engine with a tap on her phone.

A security-minded software engineer for a company he declined to name, Jmaxxz wondered what sort of remote hacking he might have left his girlfriend’s car susceptible to.

"In the back of my head I kept thinking, what’s the risk of this system, I’m putting her car on the internet," he remembers.

In a talk at the Defcon hacker conference today in Las Vegas, Jmaxxz described a series of vulnerabilities in MyCar, a system made by Canadian company Automobility, whose software is rebranded and distributed under names including MyCar Kia, Visions MyCar, Carlink, and Linkr-LT1.

MyCar's devices and apps connect to radio-based remote start devices like Fortin, CodeAlarm, and Flashlogic, using GPS and a cellular connection to extend their range to anywhere with an internet connection.

Geekz Snow 2019-08-10

Security researchers have discovered a slew of vulnerabilities affecting 4G hotspots from ZTE, and the company hasn't provided fixes for all of the affected devices.

The security flaws could allow a potential hacker to redirect traffic from the hotspot to other malicious websites, researchers said.

The vulnerabilities were disclosed on Saturday at Defcon, an annual hacking conference in Las Vegas.

A Pen Test Partners researcher who goes by the handle "Dave Null" described ZTE's security issues at length, as well as his concerns with how the Chinese phone company responded to the disclosure.

Null said that the vulnerabilities were simple to pull off -- an attacker only needed the victim to visit a malicious website using one of ZTE's hotspots.

The researcher found a model of hotspot was disclosing the device's passwords when a website's code requested it.

Geekz Snow 2019-08-08

Vulnerabilities uncovered in WhatsApp — the messaging app used by about 1.5 billion users across the world — can allow bad actors to exploit the platform to manipulate or spoof chat messages.

The flaws would make it possible to “intercept and manipulate messages sent in both private and group conversations, giving attackers the power to create and spread misinformation from what appear to be trusted sources,” the researchers noted.

Details of the vulnerabilities were disclosed by Israeli cybersecurity firm Check Point Research at the Black Hat 2019 security conference in Las Vegas on August 7.

Alter and reword the text of a user’s response, thereby “putting words in their mouth.”

Trick users into sending a private message to one person, when — in reality — their reply went to a more public WhatsApp group.

WhatsApp remains one of the most popular messaging platforms, including in countries like India where it’s used by over 400 million users.
