logo
logo
Sign in
Geekz Snow 2019-08-08

Hackers could be able to doctor WhatsApp messages due to a flaw in the messaging app's security protection, experts have warned.

Researchers from Check Point have revealed that vulnerabilites in WhatsApp could allow hackers to gain access to a user's conversations and alter the content within.

The flaw, published at the Black Hat security confernce in Las Vegas, could affect both private and public chats, potentially leading to the spread of false information or "fake news" by what were thought to be trusted sources.

Check Point says that it found three different potential ways to alter WhatsApp conversations, all of which can be exploited using a particular tool that affects the app's quoting feature.

The first flaw looks to change how a message's sender is identified, allowing hackers to mis-attribute a message, with the second allowing third parties to change the text of a user's reply.

Also uncovered was a flaw that allows a user to send a private message to another group participant disguised as a public message to all - meaning that when the targeted individual responded, their reply was visible to everyone in the conversation.

collect
0
Paul Dalfio 2d
img
In today's era dominated by digital technology, safeguarding online security and personal privacy has become imperative. A WhatsApp hacker for hire is an individual or group claiming the ability to breach someone's WhatsApp account or messages without authorization. Use Strong, Unique Passwords: Select a complex and unique password for your WhatsApp account, avoiding the reuse of passwords across multiple accounts. Monitor Your Account Activity: Stay vigilant and monitor your WhatsApp account for any unusual activity. Building a Strong Online Security FoundationPreventing hacking attempts starts with establishing a robust security foundation.
collect
0
Geekz Snow 2019-08-08
img

A security firm has found a series of flaws in WhatsApp that could allow hackers to intercept and manipulate messages by changing the identity of a sender or altering their text.

Attackers could literally "put words in [someone's] mouth," security firm Check Point Research wrote in a press release on Wednesday.

This gives the attackers the power to "create and spread misinformation from what appear to be trusted sources," Check Point said.

Facebook, which owns WhatsApp, did not immediately respond to a request for comment.

Visit Business Insider's homepage for more stories.

A cybersecurity firm has discovered a flaw in WhatsApp that allows hackers to intercept and manipulate messages — potentially changing the identity of a message sender or altering their text.

collect
0
Geekz Snow 2019-08-09
img

Security researchers have cracked Apple’s FaceID biometric system yet again.

But there’s an unusual caveat to this trick: to successfully unlock an iPhone, the attackers first need to make sure the victim is out cold.

The attack involves putting a pair of modified glasses on the victim’s face.

That, coupled with carefully placing a piece of tape over the glasses’ lenses, makes it possible to circumvent FaceID and log into a victim’s iPhone.

Of course, the exploit is fairly difficult to pull off considering the attackers would need to figure out how to put the glasses on a victim without waking them up.

The attack leverages a biometrics function called “liveness” detection, designed to tell apart “fake” versus “real” features on people.

collect
0
Geekz Snow 2019-08-08
img

Moscow's 'sovereign internet' effort means new rules for the bad guys too

Black Hat The introduction of Russia's Sovereign Internet rules is having an impact on the way criminal hackers around the world do business.

The rule would lead to Russia developing its own standalone network that could be cut off from all connections outside of the country if need be and continue to function.

"It creates this infrastructure that kind of isolates Russia a little bit," Charity Wright, a threat intelligence analyst with IntSights, told The Register.

"A lot of outsiders feel threatened because they feel they may not have access to the Russian internet, but really Russia's intention is to become sovereign over their own infrastructure so if there is an attack to cut them off, they can go on with business as usual."

While the Russian government is notorious for turning a blind eye to criminal hackers (and in some cases even enlisting them for official activities), the new law will still have a major impact on how cybercrime is conducted both within and outside the country.

collect
0
Geekz Snow 2019-08-08
img

Don't believe the numbers, say security watchers, it's worse than ever

Black Hat Ransomware infections may be down, but only because attackers are getting better at targeting them.

This is according to a report from Malwarebytes, whose team said that when it comes to crimeware figures, numbers can be deceiving.

Speaking to El Reg ahead of the 2019 Black Hat conference, Malwarebytes Labs director Adam Kujawa said that, while instances of consumer ransomware infections are down 25 per cent over the last year, attacks on businesses are skyrocketing, up a whopping 235 per cent over the same period.

Overall, the numbers would show that ransomware numbers have fallen.

After peaking at more than 5.7 million total detections in August of 2018, just over 3 million attacks by lockup malware were detected in June 2019.

collect
0
Geekz Snow 2019-08-10
img

She’d recently flown back from a work trip and complained that her fingers had been painfully cold on her drive home from the airport, thanks to below-freezing winter weather and a circulatory system condition known as Raynaud’s disease.

So Jmaxxz had the idea to buy her a remote starter that would connected to her car’s dashboard and, with an accompanying device and app called Linkr, allow her to start the car's engine with a tap on her phone.

A security-minded software engineer for a company he declined to name, Jmaxxz wondered what sort of remote hacking he might have left his girlfriend’s car susceptible to.

"In the back of my head I kept thinking, what’s the risk of this system, I’m putting her car on the internet," he remembers.

In a talk at the Defcon hacker conference today in Las Vegas, Jmaxxz described a series of vulnerabilities in MyCar, a system made by Canadian company Automobility, whose software is rebranded and distributed under names including MyCar Kia, Visions MyCar, Carlink, and Linkr-LT1.

MyCar's devices and apps connect to radio-based remote start devices like Fortin, CodeAlarm, and Flashlogic, using GPS and a cellular connection to extend their range to anywhere with an internet connection.

collect
0
Geekz Snow 2019-08-10
img

Security researchers have discovered a slew of vulnerabilities affecting 4G hotspots from ZTE, and the company hasn't provided fixes for all of the affected devices.

The security flaws could allow a potential hacker to redirect traffic from the hotspot to other malicious websites, researchers said.

The vulnerabilities were disclosed on Saturday at Defcon, an annual hacking conference in Las Vegas.

A Pen Test Partners researcher who goes by the handle "Dave Null" described ZTE's security issues at length, as well as his concerns with how the Chinese phone company responded to the disclosure.

Null said that the vulnerabilities were simple to pull off -- an attacker only needed the victim to visit a malicious website using one of ZTE's hotspots.

The researcher found a model of hotspots were disclosing the device's passwords when a website's code requested it.

collect
0
Geekz Snow 2019-08-09
img

For the last two years, hackers have come to the Voting Village at the DefCon security conference in Las Vegas to tear down voting machines and analyze them for vulnerabilities.

You know it better as Darpa, the government's mad science wing.

And Darpa wants you to know: its endgame goes way beyond securing the vote.

The agency hopes to use voting machines as a model system for developing a secure hardware platform—meaning that the group is designing all the chips that go into a computer from the ground up, and isn’t using proprietary components from companies like Intel or AMD.

“The goal of the program is to develop these tools to provide security against hardware vulnerabilities,” says Linton Salmon, the project’s program manager at Darpa.

To vote using the system, you go up to a touchscreen, make your picks (Which Is The Best Star Wars Movie; Are Hot Dogs Sandwiches), confirm your selections, and then send them to print out.

collect
0
Geekz Snow 2019-08-10

Valve's popular PC gaming platform Steam is vulnerable to a hugely damaging zero-day security vulnerability, experts have warned.

According to new findings, around 72 million Windows users are at risk of having their systems taken over by an attacker who could then install malware, steal data, compromise passwords and more.

The vulnerability was disclosed by security researcher Vasily Kravets, who discovered a privilege escalation vulnerability which could allow an attacker with minimal user permissions to gain the same levels of access as the system admin.

Zero-day defenses are a good reason why you need the latest version of Windows 10

A threat actor could take advantage of this by launching malware using those raised privileges, Kravets explained, saying:

"Some of the threats will remain even being run without administrator rights.

collect
0
Geekz Snow 2019-08-08
img

For two years in a row, hackers at Defcon have demonstrated that voting machines currently being used in US elections had serious security issues.

Now with the 2020 US presidential election quickly approaching, lawmakers who want to fix those vulnerabilities are heading to the hacking conference in Las Vegas to see them in person.

While there's no evidence that any votes were tampered with during the 2016 election, hackers have shown plenty of proof that the voting machines being used are vulnerable to attacks.

Lawmakers like Sen. Ron Wyden, a Democrat from Oregon, have proposed legislation to improve election security to make sure these vulnerabilities wouldn't affect future voters.

"White hat hackers do an invaluable public service in this technologic age by identifying security holes and, if necessary, shaming the government or the companies responsible into fixing them," Wyden said in a statement.

This comes after former special counsel Robert Mueller warned Congress last month that Russia would continue its efforts to hack US elections, telling lawmakers, "They're doing it as we sit here."

collect
0
Geekz Snow 2019-08-08
img

Apple Pay has a slew of protective features that make it a secure method of online credit card transactions.

And since 2016, third-party merchants and services have been able to embed Apple Pay into their websites and offer it as a payment option.

But at the Black Hat security conference in Las Vegas on Thursday, one researcher is presenting findings that this integration inadvertently introduces vulnerabilities that could expose the host website to attack.

But the findings illustrate the unintended issues that can emerge from web interconnections and third-party integrations.

Joshua Maddux, a security researcher at the analysis firm PKC Security, first noticed the issue last fall when he was implementing Apple Pay support for a client.

You set up Apple Pay functionality in your web service by integrating with the Apple Pay application programming interface—allowing Apple to power the module with its existing Apple Pay infrastructure.

collect
0
Geekz Snow 2019-08-08
img

Vulnerabilities uncovered in WhatsApp — the messaging app used by about 1.5 billion users across the world — can allow bad actors to exploit the platform to manipulate or spoof chat messages.

The flaws would make it possible to “intercept and manipulate messages sent in both private and group conversations, giving attackers the power to create and spread misinformation from what appear to be trusted sources,” the researchers noted.

Details of the vulnerabilities were disclosed by Israeli cybersecurity firm Checkpoint Research at Black Hat 2019 security conference in Las Vegas on August 7.

Alter and reword the text of user’s response, thereby “putting words in their mouth.”

Trick users into sending a private message to one person, when — in reality — their reply went to a more public WhatsApp group.

WhatsApp remains one of the most popular messaging platform, including countries like India where it’s used by over 400 million users.

collect
0
Geekz Snow 2019-08-08
img

Now that's what we call a joint task force: Uncle Sam chills out, relaxes recruitment rules on drugs

Black Hat America's crime-fighters, desperate to recruit white-hat hackers to collar spies and cyber-crooks, have been quietly and slightly relaxing the ban on hiring anyone who has used illegal drugs.

Generally speaking, dabbling in any kind of substance abuse will rule you out of the running for a job at the NSA, Homeland Security, the FBI, and so forth.

It should, therefore, be no surprise that the Feds have been unable to recruit talented hacker folks, due to their past experimentation with chemicals.

What with marijuana now legal in various US states, including California, and it being 2019 and all, and recruitment of infosec bods is still somewhat of a struggle, it appears Uncle Sam is easing up.

So, if you haven't done anything bonkers, like injected mephedrone into your eyeballs over breakfast, and can pass, and continue to pass, a drug test, and you have the infosec skillz needed, Uncle Sam may well want you... to apply, at least.

collect
0
Geekz Snow 2019-08-09

Valve's popular PC gaming platform Steam is vulnerable to a zero-day security vulnerability which could leave 72m Windows users at risk of having their systems taken over by an attacker who could then install malware, steal data, compromise passwords and more.

The vulnerability was disclosed by a security researcher named Vasily Kravets just 45 days after submitting his report on the matter to Valve.

Typically researchers wait 90 days before publicly disclosing a vulnerability as it gives the affected businesses time to fix the vulnerabilities in their software.

Kravets discovered a privilege escalation vulnerability which could allow an attacker with minimal user permissions to gain the same levels of access as the system admin.

A threat actor could take advantage of this by launching malware using those raised privileges.

Kravets explained just how serious the vulnerability is, saying:

collect
0
Paul Dalfio 2024-03-08
img
This has given rise to a controversial and secretive market - the realm of Snapchat hackers for hire and Snapchat hacking services.  The Emergence of Snapchat Hacking Services:The demand for accessing private information on Snapchat has led to the proliferation of Snapchat hacking services. EthicalDilemmas:The ethical dilemmas surrounding the use of Snapchat hacking services are multifaceted.  The Legitimacy and Ethics of Snapchat Hacking:Legal Ramifications:Engaging in hacking activities, even through a hired service, is undoubtedly illegal in many jurisdictions. Ultimately, informed and vigilant users are the best defense against Snapchat hacking services.
collect
0
Geekz Snow 2019-08-08

Hackers could be able to doctor WhatsApp messages due to a flaw in the messaging app's security protection, experts have warned.

Researchers from Check Point have revealed that vulnerabilites in WhatsApp could allow hackers to gain access to a user's conversations and alter the content within.

The flaw, published at the Black Hat security confernce in Las Vegas, could affect both private and public chats, potentially leading to the spread of false information or "fake news" by what were thought to be trusted sources.

Check Point says that it found three different potential ways to alter WhatsApp conversations, all of which can be exploited using a particular tool that affects the app's quoting feature.

The first flaw looks to change how a message's sender is identified, allowing hackers to mis-attribute a message, with the second allowing third parties to change the text of a user's reply.

Also uncovered was a flaw that allows a user to send a private message to another group participant disguised as a public message to all - meaning that when the targeted individual responded, their reply was visible to everyone in the conversation.

Geekz Snow 2019-08-08
img

A security firm has found a series of flaws in WhatsApp that could allow hackers to intercept and manipulate messages by changing the identity of a sender or altering their text.

Attackers could literally "put words in [someone's] mouth," security firm Check Point Research wrote in a press release on Wednesday.

This gives the attackers the power to "create and spread misinformation from what appear to be trusted sources," Check Point said.

Facebook, which owns WhatsApp, did not immediately respond to a request for comment.

Visit Business Insider's homepage for more stories.

A cybersecurity firm has discovered a flaw in WhatsApp that allows hackers to intercept and manipulate messages — potentially changing the identity of a message sender or altering their text.

Geekz Snow 2019-08-08
img

Moscow's 'sovereign internet' effort means new rules for the bad guys too

Black Hat The introduction of Russia's Sovereign Internet rules is having an impact on the way criminal hackers around the world do business.

The rule would lead to Russia developing its own standalone network that could be cut off from all connections outside of the country if need be and continue to function.

"It creates this infrastructure that kind of isolates Russia a little bit," Charity Wright, a threat intelligence analyst with IntSights, told The Register.

"A lot of outsiders feel threatened because they feel they may not have access to the Russian internet, but really Russia's intention is to become sovereign over their own infrastructure so if there is an attack to cut them off, they can go on with business as usual."

While the Russian government is notorious for turning a blind eye to criminal hackers (and in some cases even enlisting them for official activities), the new law will still have a major impact on how cybercrime is conducted both within and outside the country.

Geekz Snow 2019-08-10
img

She’d recently flown back from a work trip and complained that her fingers had been painfully cold on her drive home from the airport, thanks to below-freezing winter weather and a circulatory system condition known as Raynaud’s disease.

So Jmaxxz had the idea to buy her a remote starter that would connected to her car’s dashboard and, with an accompanying device and app called Linkr, allow her to start the car's engine with a tap on her phone.

A security-minded software engineer for a company he declined to name, Jmaxxz wondered what sort of remote hacking he might have left his girlfriend’s car susceptible to.

"In the back of my head I kept thinking, what’s the risk of this system, I’m putting her car on the internet," he remembers.

In a talk at the Defcon hacker conference today in Las Vegas, Jmaxxz described a series of vulnerabilities in MyCar, a system made by Canadian company Automobility, whose software is rebranded and distributed under names including MyCar Kia, Visions MyCar, Carlink, and Linkr-LT1.

MyCar's devices and apps connect to radio-based remote start devices like Fortin, CodeAlarm, and Flashlogic, using GPS and a cellular connection to extend their range to anywhere with an internet connection.

Geekz Snow 2019-08-09
img

For the last two years, hackers have come to the Voting Village at the DefCon security conference in Las Vegas to tear down voting machines and analyze them for vulnerabilities.

You know it better as Darpa, the government's mad science wing.

And Darpa wants you to know: its endgame goes way beyond securing the vote.

The agency hopes to use voting machines as a model system for developing a secure hardware platform—meaning that the group is designing all the chips that go into a computer from the ground up, and isn’t using proprietary components from companies like Intel or AMD.

“The goal of the program is to develop these tools to provide security against hardware vulnerabilities,” says Linton Salmon, the project’s program manager at Darpa.

To vote using the system, you go up to a touchscreen, make your picks (Which Is The Best Star Wars Movie; Are Hot Dogs Sandwiches), confirm your selections, and then send them to print out.

Geekz Snow 2019-08-08
img

For two years in a row, hackers at Defcon have demonstrated that voting machines currently being used in US elections had serious security issues.

Now with the 2020 US presidential election quickly approaching, lawmakers who want to fix those vulnerabilities are heading to the hacking conference in Las Vegas to see them in person.

While there's no evidence that any votes were tampered with during the 2016 election, hackers have shown plenty of proof that the voting machines being used are vulnerable to attacks.

Lawmakers like Sen. Ron Wyden, a Democrat from Oregon, have proposed legislation to improve election security to make sure these vulnerabilities wouldn't affect future voters.

"White hat hackers do an invaluable public service in this technologic age by identifying security holes and, if necessary, shaming the government or the companies responsible into fixing them," Wyden said in a statement.

This comes after former special counsel Robert Mueller warned Congress last month that Russia would continue its efforts to hack US elections, telling lawmakers, "They're doing it as we sit here."

Geekz Snow 2019-08-08
img

Vulnerabilities uncovered in WhatsApp — the messaging app used by about 1.5 billion users across the world — can allow bad actors to exploit the platform to manipulate or spoof chat messages.

The flaws would make it possible to “intercept and manipulate messages sent in both private and group conversations, giving attackers the power to create and spread misinformation from what appear to be trusted sources,” the researchers noted.

Details of the vulnerabilities were disclosed by Israeli cybersecurity firm Checkpoint Research at Black Hat 2019 security conference in Las Vegas on August 7.

Alter and reword the text of user’s response, thereby “putting words in their mouth.”

Trick users into sending a private message to one person, when — in reality — their reply went to a more public WhatsApp group.

WhatsApp remains one of the most popular messaging platform, including countries like India where it’s used by over 400 million users.

Geekz Snow 2019-08-09

Valve's popular PC gaming platform Steam is vulnerable to a zero-day security vulnerability which could leave 72m Windows users at risk of having their systems taken over by an attacker who could then install malware, steal data, compromise passwords and more.

The vulnerability was disclosed by a security researcher named Vasily Kravets just 45 days after submitting his report on the matter to Valve.

Typically researchers wait 90 days before publicly disclosing a vulnerability as it gives the affected businesses time to fix the vulnerabilities in their software.

Kravets discovered a privilege escalation vulnerability which could allow an attacker with minimal user permissions to gain the same levels of access as the system admin.

A threat actor could take advantage of this by launching malware using those raised privileges.

Kravets explained just how serious the vulnerability is, saying:

Paul Dalfio 2d
img
In today's era dominated by digital technology, safeguarding online security and personal privacy has become imperative. A WhatsApp hacker for hire is an individual or group claiming the ability to breach someone's WhatsApp account or messages without authorization. Use Strong, Unique Passwords: Select a complex and unique password for your WhatsApp account, avoiding the reuse of passwords across multiple accounts. Monitor Your Account Activity: Stay vigilant and monitor your WhatsApp account for any unusual activity. Building a Strong Online Security FoundationPreventing hacking attempts starts with establishing a robust security foundation.
Geekz Snow 2019-08-09
img

Security researchers have cracked Apple’s FaceID biometric system yet again.

But there’s an unusual caveat to this trick: to successfully unlock an iPhone, the attackers first need to make sure the victim is out cold.

The attack involves putting a pair of modified glasses on the victim’s face.

That, coupled with carefully placing a piece of tape over the glasses’ lenses, makes it possible to circumvent FaceID and log into a victim’s iPhone.

Of course, the exploit is fairly difficult to pull off considering the attackers would need to figure out how to put the glasses on a victim without waking them up.

The attack leverages a biometrics function called “liveness” detection, designed to tell apart “fake” versus “real” features on people.

Geekz Snow 2019-08-08
img

Don't believe the numbers, say security watchers, it's worse than ever

Black Hat Ransomware infections may be down, but only because attackers are getting better at targeting them.

This is according to a report from Malwarebytes, whose team said that when it comes to crimeware figures, numbers can be deceiving.

Speaking to El Reg ahead of the 2019 Black Hat conference, Malwarebytes Labs director Adam Kujawa said that, while instances of consumer ransomware infections are down 25 per cent over the last year, attacks on businesses are skyrocketing, up a whopping 235 per cent over the same period.

Overall, the numbers would show that ransomware numbers have fallen.

After peaking at more than 5.7 million total detections in August of 2018, just over 3 million attacks by lockup malware were detected in June 2019.

Geekz Snow 2019-08-10
img

Security researchers have discovered a slew of vulnerabilities affecting 4G hotspots from ZTE, and the company hasn't provided fixes for all of the affected devices.

The security flaws could allow a potential hacker to redirect traffic from the hotspot to other malicious websites, researchers said.

The vulnerabilities were disclosed on Saturday at Defcon, an annual hacking conference in Las Vegas.

A Pen Test Partners researcher who goes by the handle "Dave Null" described ZTE's security issues at length, as well as his concerns with how the Chinese phone company responded to the disclosure.

Null said that the vulnerabilities were simple to pull off -- an attacker only needed the victim to visit a malicious website using one of ZTE's hotspots.

The researcher found a model of hotspots were disclosing the device's passwords when a website's code requested it.

Geekz Snow 2019-08-10

Valve's popular PC gaming platform Steam is vulnerable to a hugely damaging zero-day security vulnerability, experts have warned.

According to new findings, around 72 million Windows users are at risk of having their systems taken over by an attacker who could then install malware, steal data, compromise passwords and more.

The vulnerability was disclosed by security researcher Vasily Kravets, who discovered a privilege escalation vulnerability which could allow an attacker with minimal user permissions to gain the same levels of access as the system admin.

Zero-day defenses are a good reason why you need the latest version of Windows 10

A threat actor could take advantage of this by launching malware using those raised privileges, Kravets explained, saying:

"Some of the threats will remain even being run without administrator rights.

Geekz Snow 2019-08-08
img

Apple Pay has a slew of protective features that make it a secure method of online credit card transactions.

And since 2016, third-party merchants and services have been able to embed Apple Pay into their websites and offer it as a payment option.

But at the Black Hat security conference in Las Vegas on Thursday, one researcher is presenting findings that this integration inadvertently introduces vulnerabilities that could expose the host website to attack.

But the findings illustrate the unintended issues that can emerge from web interconnections and third-party integrations.

Joshua Maddux, a security researcher at the analysis firm PKC Security, first noticed the issue last fall when he was implementing Apple Pay support for a client.

You set up Apple Pay functionality in your web service by integrating with the Apple Pay application programming interface—allowing Apple to power the module with its existing Apple Pay infrastructure.

Geekz Snow 2019-08-08
img

Now that's what we call a joint task force: Uncle Sam chills out, relaxes recruitment rules on drugs

Black Hat America's crime-fighters, desperate to recruit white-hat hackers to collar spies and cyber-crooks, have been quietly and slightly relaxing the ban on hiring anyone who has used illegal drugs.

Generally speaking, dabbling in any kind of substance abuse will rule you out of the running for a job at the NSA, Homeland Security, the FBI, and so forth.

It should, therefore, be no surprise that the Feds have been unable to recruit talented hacker folks, due to their past experimentation with chemicals.

What with marijuana now legal in various US states, including California, and it being 2019 and all, and recruitment of infosec bods is still somewhat of a struggle, it appears Uncle Sam is easing up.

So, if you haven't done anything bonkers, like injected mephedrone into your eyeballs over breakfast, and can pass, and continue to pass, a drug test, and you have the infosec skillz needed, Uncle Sam may well want you... to apply, at least.

Paul Dalfio 2024-03-08
img
This has given rise to a controversial and secretive market - the realm of Snapchat hackers for hire and Snapchat hacking services.  The Emergence of Snapchat Hacking Services:The demand for accessing private information on Snapchat has led to the proliferation of Snapchat hacking services. EthicalDilemmas:The ethical dilemmas surrounding the use of Snapchat hacking services are multifaceted.  The Legitimacy and Ethics of Snapchat Hacking:Legal Ramifications:Engaging in hacking activities, even through a hired service, is undoubtedly illegal in many jurisdictions. Ultimately, informed and vigilant users are the best defense against Snapchat hacking services.
1 of 100