Category Archives: WhatsApp

Has WhatsApp become a potential career assassin? | Afua Hirsch

The app helped connect me to an inspiring sisterhood. But the case of police officer Robyn Williams shows unopened messages can be a legal minefield

We need to talk about WhatsApp. When the little green speech bubble first showed up in my life, I greeted it with awe and wonder. I even wrote a little love letter to its ability to connect with a virtual black sisterhood – the kind that rarely exists in our too-undiverse workplaces in real life – in my first book. It became the perfect platform to share experiences, frustrations, strategies and ideas.

WhatsApp group communities proliferated on my phone – they were education, community and activism all in one place. It was great.

Continue reading...

WhatsApp RCE flaw can be exploited by sending malicious MP4 files

Facebook has patched a critical vulnerability (CVE-2019-11931) affecting various versions of its popular WhatsApp Messenger app and is urging users to update as soon as possible. About the patched flaw (CVE-2019-11931) CVE-2019-11931 is a stack-based buffer overflow vulnerability that could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. “The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS … More

The post WhatsApp RCE flaw can be exploited by sending malicious MP4 files appeared first on Help Net Security.

WhatsApp flaw CVE-2019-11931 could be exploited to install spyware

The popular messaging platform WhatsApp made the headlines again, a new bug could be exploited by hackers to secretly install spyware.

According to the website The Hacker News, WhatsApp has recently fixed a critical vulnerability, tracked as CVE-2019-11931, that could have allowed attackers to remotely compromise targeted devices.

The CVE-2019-11931 is a stack-based buffer overflow issue that affects the way WhatsApp handles the elementary stream metadata of an MP4 file.

“A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE.” reads an advisory published by Facebook. “This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.”

The issue could trigger a DoS condition or it could exploit by a remote attacker to execute arbitrary code on the target devices.

The flaw could be exploited by sending a maliciously crafted MP4 file via WhatsApp.

The vulnerability affects WhatsApp versions for Google Android, Apple iOS, and Microsoft Windows.

“Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.” continues the security advisory.

In October, a security researcher that goes online with the moniker Awakened discovered a double-free vulnerability in WhatsApp for Android and demonstrated how to leverage on it to remotely execute arbitrary code on the target device.

The expert reported the issue to Facebook that acknowledged and addressed the flaw with the release of WhatsApp version 2.19.244.

In May, Facebook patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568, that has been exploited to remotely install spyware on phones by calling the targeted device.

The WhatsApp zero-day vulnerability is a buffer overflow issue that affects the WhatsApp VOIP stack. The flaw could be exploited by a remote attacker to execute arbitrary code by sending specially crafted SRTCP packets to the targeted mobile device.

In the case of the CVE-2019-11931 flaw, it is not clear if the issue was exploited in attacks in the wild.

Pierluigi Paganini

(SecurityAffairs – CVE-2019-11931, WhatsApp)

The post WhatsApp flaw CVE-2019-11931 could be exploited to install spyware appeared first on Security Affairs.

The infamous Spyware – Pegasus, The NSO Group and The WhatsApp snooping saga

The Indian media is abuzz these days with several news and allegations around snooping on several Indian citizens through a spyware named Pegasus, allegedly delivered through WhatsApp. It’s reported widely that Facebook Inc., the parent company of popular messaging app -WhatsApp, reached out to few users from India (and other…

Want Your Kids to Care More About Online Safety? Try These 7 Tips

The topics parents need to discuss with kids today can be tough compared to even a few years ago. The digital scams are getting more sophisticated and the social culture poses new, more inherent risks. Weekly, we have to breach very adult conversations with our kids. Significant conversations about sexting, bullying, online scams, identity fraud, hate speech, exclusion, and sextortion — all have to be covered but we have to do it in ways that matter to kids.

With 95% of teens now having access to a smartphone and 45% online ”almost constantly,” it’s clear we can’t monitor conversations, communities, and secret apps around the clock. So the task for parents is to move from a mindset of ”protect” to one of ”prepare” if we hope to get kids to take charge of their privacy and safety online.

Here are a few ideas on how to get these conversations to stick.

  1. Bring the headlines home. A quick search of your local or regional headlines should render some examples of kids who have risked and lost a lot more than they imagined online. Bringing the headlines closer to home — issues like reputation management, sex trafficking, kidnapping, sextortion, and bullying — can help your child personalize digital issues. Discussing these issues with honesty and openness can bring the reality home that these issues are real and not just things that happen to other people.
  2. Netflix and discuss. Hollywood has come a long way in the last decade in making films for tweens and teens that spotlight important digital issues. Watching movies together is an excellent opportunity to deepen understanding and spark conversation about critical issues such as cyberbullying, teen suicide, sextortion, catfishing, stalking, and examples of personal courage and empathy for others. Just a few of the movies include Cyberbully, 13 Reasons Why (watch with a parent), Eighth Grade, Searching, Bully, Disconnect. Character building movies: Dumplin’, Tall Girl, Wonder, Girl Rising, The Hate U Give, Mean Girls, and the Fat Boy Chronicles, among many others.
  3. Remove phones. Sometimes absence makes that heart grow appreciative, right? Owning a phone (or any device) isn’t a right. Phone ownership and internet access is a privilege and responsibility. So removing a child’s phone for a few days can be especially effective if your child isn’t listening or exercising wise habits online. One study drives this phone-dependency home. Last year researchers polled millennials who said they’d rather give up a finger than their smartphones. So, this tactic may prove to be quite effective.
  4. Define community. Getting kids to be self-motivated about digital safety and privacy may require a more in-depth discussion on what “community” means. The word is used often to describe social networks, but do we really know and trust people in our online “communities?” No. Ask your child what qualities he or she values in a friend and who they might include in a trusted community. By defining this, kids may become more aware of who they are letting in and what risks grow when our digital circles grow beyond trusted friends.
  5. Assume they are swiping right. Dating has changed dramatically for tweens and teens. Sure there are apps like MeetMe and Tinder that kids explore, but even more popular ways to meet a significant other are everyday social networks like Snapchat, WhatsApp, and Instagram, where kids can easily meet “friends of friends” and start “talking.” Study the pros and cons of these apps. Talk to your kids about them and stress the firm rule of never meeting with strangers.
  6. Stay curious. Stay interested. If you, as a parent, show little interest in online risks, then why should your child? By staying curious and current about social media, apps, video games, your kids will see that you care about — and can discuss — the digital pressures that surround them every day. Subscribe to useful family safety and parenting blogs and consider setting up Google Alerts around safety topics such as new apps, teens online, and online scams.
  7. Ask awesome questions. We know that lectures and micromanaging don’t work in the long run, so making the most of family conversations is critical. One way to do this is to ask open-ended questions such as “What did you learn from this?” “What do you like or dislike about this app?” “Have you ever felt unsafe online?” and “How do you handle uncomfortable or creepy encounters online?” You might be surprised at where the conversations can go and the insight you will gain.

Make adjustments to your digital parenting approach as needed. Some things will work, and others may fall flat. The important thing is to keep conversation a priority and find a rhythm that works for your family. And don’t stress: No one has all the answers, no one is a perfect parent. We are all learning a little more each day and doing the best we can to keep our families safe online.

Be Part of Something Big

October is National Cybersecurity Awareness Month (NCSAM). Become part of the effort to make sure that our online lives are as safe and secure as possible. Use the hashtags #CyberAware, #BeCyberSafe, and #NCSAM to track the conversation in real-time.

The post Want Your Kids to Care More About Online Safety? Try These 7 Tips appeared first on McAfee Blogs.

15 Easy, Effective Ways to Start Winning Back Your Online Privacy

NCSAM

NCSAM

Someone recently asked me what I wanted for Christmas this year, and I had to think about it for a few minutes. I certainly don’t need any more stuff. However, if I could name one gift that would make me absolutely giddy, it would be getting a chunk of my privacy back.

Like most people, the internet knows way too much about me — my age, address, phone numbers and job titles for the past 10 years, my home value, the names and ages of family members  — and I’d like to change that.

But there’s a catch: Like most people, I can’t go off the digital grid altogether because my professional life requires me to maintain an online presence. So, the more critical question is this:

How private do I want to be online?  

The answer to that question will differ for everyone. However, as the privacy conversation continues to escalate, consider a family huddle. Google each family member’s name, review search results, and decide on your comfort level with what you see. To start putting new habits in place, consider these 15 tips.

15 ways to reign in your family’s privacy

  1. Limit public sharing. Don’t share more information than necessary on any online platform, including private texts and messages. Hackers and cyber thieves mine for data around the clock.
  2. Control your digital footprint. Limit information online by a) setting social media profiles to private b) regularly editing friends lists c) deleting personal information on social profiles d) limiting app permissions someone and browser extensions e) being careful not to overshare.NCSAM
  3. Search incognito. Use your browser in private or incognito mode to reduce some tracking and auto-filling.
  4. Use secure messaging apps. While WhatsApp has plenty of safety risks for minors, in terms of data privacy, it’s a winner because it includes end-to-end encryption that prevents anyone in the middle from reading private communications.
  5. Install an ad blocker. If you don’t like the idea of third parties following you around online, and peppering your feed with personalized ads, consider installing an ad blocker.
  6. Remove yourself from data broker sites. Dozens of companies can harvest your personal information from public records online, compile it, and sell it. To delete your name and data from companies such as PeopleFinder, Spokeo, White Pages, or MyLife, make a formal request to the company (or find the opt-out button on their sites) and followup to make sure it was deleted. If you still aren’t happy with the amount of personal data online, you can also use a fee-based service such as DeleteMe.com.
  7. Be wise to scams. Don’t open strange emails, click random downloads, connect with strangers online, or send money to unverified individuals or organizations.
  8. Use bulletproof passwords. When it comes to data protection, the strength of your password, and these best practices matter.
  9. Turn off devices. When you’re finished using your laptop, smartphone, or IoT devices, turn them off to protect against rogue attacks.NCSAM
  10. Safeguard your SSN. Just because a form (doctor, college and job applications, ticket purchases) asks for your Social Security Number (SSN) doesn’t mean you have to provide it.
  11. Avoid public Wi-Fi. Public networks are targets for hackers who are hoping to intercept personal information; opt for the security of a family VPN.
  12. Purge old, unused apps and data. To strengthen security, regularly delete old data, photos, apps, emails, and unused accounts.
  13. Protect all devices. Make sure all your devices are protected viruses, malware, with reputable security software.
  14. Review bank statements. Check bank statements often for fraudulent purchases and pay special attention to small transactions.
  15. Turn off Bluetooth. Bluetooth technology is convenient, but outside sources can compromise it, so turn it off when it’s not in use.

Is it possible to keep ourselves and our children off the digital grid and lock down our digital privacy 100%? Sadly, probably not. But one thing is for sure: We can all do better by taking specific steps to build new digital habits every day.

~~~

Be Part of Something Big

October is National Cybersecurity Awareness Month (NCSAM). Become part of the effort to make sure that our online lives are as safe and secure as possible. Use the hashtags #CyberAware, #BeCyberSafe, and #NCSAM to track the conversation in real-time.

The post 15 Easy, Effective Ways to Start Winning Back Your Online Privacy appeared first on McAfee Blogs.