Sophisticated spyware attack on WhatsApp hacks mobile phones of users

Despite encrypting every conversation and following best security practices, the Facebook-owned WhatsApp has become vulnerable to a cyber attack.

The messaging service revealed that it found a vulnerability that could allow attackers to infect the WhatsApp users with spyware, just by making them a call.

The vulnerability, tracked as CVE-2019-3568, allowed attackers to infect the device even if the user didn’t answer the call. The attackers exploited a buffer overflow weakness in the app that let them compromise WhatsApp first and then the device it was running on.

WhatsApp’s security team attributed it to an advanced cyber actor, a rare but very dangerous type of attacker. The spyware is unlike other malware attacks, which are typically delivered through phishing: attackers can use it to compromise a device even if the user never picks up the call.

If a device is attacked, the cybercriminals could gain access to the personal data stored on the handset. They could modify data or lock the phone to demand a ransom from the user.

The following versions of WhatsApp were vulnerable to the spyware attack:

  • WhatsApp for Android prior to v2.19.134
  • WhatsApp Business for Android prior to v2.19.44
  • WhatsApp for iOS prior to v2.19.51
  • WhatsApp Business for iOS prior to v2.19.51
  • WhatsApp for Windows Phone prior to v2.18.348
  • WhatsApp for Tizen prior to v2.18.15
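A practical way to use the version list above is to compare each inventoried installation against the first fixed build for its product. The following is an added example (not WhatsApp’s or the advisory’s own code): the fixed versions are taken from the list above, the device inventory is constructed sample data, and the product keys are names chosen here for illustration. Note that dotted versions must be compared numerically; a plain string comparison ranks "2.19.134" below "2.19.51".

```python
"""Check whether inventoried WhatsApp builds are below the fixed version for
CVE-2019-3568. Fixed versions come from the advisory list; the inventory is
constructed sample data."""

# First fixed version per product, as listed in the advisory.
FIXED_VERSIONS = {
    "whatsapp-android": "2.19.134",
    "whatsapp-business-android": "2.19.44",
    "whatsapp-ios": "2.19.51",
    "whatsapp-business-ios": "2.19.51",
    "whatsapp-windows-phone": "2.18.348",
    "whatsapp-tizen": "2.18.15",
}


def parse_version(version: str) -> tuple:
    """Split a dotted version into a tuple of ints so that 2.19.134 > 2.19.51.
    A string comparison would get this wrong ("2.19.134" < "2.19.51")."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable(product: str, installed: str) -> bool:
    """True when the installed build is older than the first fixed build."""
    if product not in FIXED_VERSIONS:
        raise KeyError(f"unknown product: {product}")
    return parse_version(installed) < parse_version(FIXED_VERSIONS[product])


def audit(inventory):
    """Return the (device, product, version) entries that still need the update."""
    return [(device, product, version)
            for device, product, version in inventory
            if is_vulnerable(product, version)]


# Constructed sample inventory: (device id, product key, installed version).
SAMPLE_INVENTORY = [
    ("phone-01", "whatsapp-android", "2.19.51"),       # below 2.19.134: vulnerable
    ("phone-02", "whatsapp-android", "2.19.134"),      # exactly the fixed build
    ("phone-03", "whatsapp-ios", "2.19.51"),           # exactly the fixed build
    ("phone-04", "whatsapp-business-ios", "2.19.50"),  # one build short: vulnerable
]

if __name__ == "__main__":
    for device, product, version in audit(SAMPLE_INVENTORY):
        print(f"{device}: {product} {version} is below {FIXED_VERSIONS[product]}")
```

In a real deployment the inventory would come from the mobile device management system; the comparison logic stays the same.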

WhatsApp has responded to the attack and said that it became aware of the vulnerability earlier this month. Within 10 days, the social network released a server-side fix to mitigate the attack. However, dozens of WhatsApp users were already compromised before the fix was issued.


WhatsApp also released an update to the mobile app on Monday that will help prevent such attacks in the future.

In a statement after releasing the patch, WhatsApp has asked all its users to update the app to the latest version and also keep their operating system updated.


Advanced DNS hijacking campaign targeting public and private organizations for last 2 years: Cisco Talos

A new cyber threat campaign called Sea Turtle is manipulating the DNS systems to target public and private entities, including national security organizations, in the Middle East and North Africa.

As per the researchers at Cisco Talos, the campaign very likely began in January 2017 and continued through the first quarter of 2019.

“Our investigation revealed that at least 40 different organizations across 13 different countries were compromised during this campaign. We assess with high confidence that this activity is being carried out by an advanced, state-sponsored actor that seeks to obtain persistent access to sensitive networks and systems,” according to the researchers.

The attackers carried out the attack through DNS hijacking: they modified DNS name records to direct users to servers under their control.

In January this year, the Department of Homeland Security (DHS) had warned about this campaign, noting that the cybercriminals were able to redirect user traffic and obtain valid encryption certificates for the domain names used by the affected organizations.
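A defender’s counterpart to the record manipulation described above is to keep a baseline of the answers each important name should return and to alert when a live lookup deviates from it, especially when the new answer points outside address space the organization controls. The following is an added example, not code from Cisco Talos or DHS: the baseline, the netblocks and the "observed" answers are constructed sample data, and the resolver is injected as a function so the check runs offline.

```python
"""Detect changed DNS answers by comparing lookups against a recorded
baseline. All names, addresses and netblocks below are constructed samples."""
import ipaddress

# Constructed baseline: the A records the organization expects for each name.
BASELINE = {
    "mail.example.org": {"192.0.2.10"},
    "www.example.org": {"192.0.2.20", "192.0.2.21"},
    "vpn.example.org": {"198.51.100.5"},
}

# Constructed: address ranges the organization actually controls.
OWN_NETBLOCKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed answers standing in for a live lookup; one name has been redirected.
OBSERVED = {
    "mail.example.org": {"203.0.113.77"},  # outside our netblocks: suspicious
    "www.example.org": {"192.0.2.20", "192.0.2.21"},
    "vpn.example.org": {"198.51.100.5"},
}


def lookup_from(observed):
    """Return a resolver function that answers from a fixed dict (offline stand-in)."""
    return lambda name: set(observed.get(name, ()))


def in_own_netblocks(ip: str) -> bool:
    """True when the address falls inside a netblock the organization controls."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OWN_NETBLOCKS)


def check_records(baseline, resolve):
    """Compare each name's live answer with the baseline.
    Returns a list of (name, expected, observed, reason) findings; an empty
    list means every name still resolves exactly as recorded."""
    findings = []
    for name, expected in baseline.items():
        observed = resolve(name)
        if observed == expected:
            continue
        foreign = sorted(ip for ip in observed if not in_own_netblocks(ip))
        reason = ("answer points outside controlled address space"
                  if foreign else
                  "answer changed but stays inside controlled address space")
        findings.append((name, sorted(expected), sorted(observed), reason))
    return findings


if __name__ == "__main__":
    for name, expected, observed, reason in check_records(BASELINE, lookup_from(OBSERVED)):
        print(f"{name}: expected {expected}, got {observed} ({reason})")
```

To run this against live DNS, pass a resolver such as `lambda name: set(socket.gethostbyname_ex(name)[2])` in place of `lookup_from(OBSERVED)`, ideally queried through more than one resolver so that a single poisoned path does not define the baseline.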

Cisco Talos identified two groups of victims of the Sea Turtle cyberattack.

The first group of victims, the primary targets, included national security organizations, ministries of foreign affairs, and leading energy organizations. To gain access, the cybercriminals targeted the third-party entities that provide services to these organizations.

The second group of victims included DNS registrars, telecom companies, and internet service providers.

One of the most noteworthy facts about the Sea Turtle campaign is that the attackers reached the primary victims by first compromising the third-party organizations that serve them.

“The threat actors behind the Sea Turtle campaign show clear signs of being highly capable and brazen in their endeavours. The actors are responsible for the first publicly confirmed case of a DNS registry compromise, highlighting the attacker’s sophistication. Notably, the threat actors have continued their attacks despite public reports documenting various aspects of their activity, suggesting they are unusually brazen and may be difficult to deter going forward,” mentioned Cisco Talos in the report.

“In most cases, threat actors typically stop or slow down their activities once their campaigns are publicly revealed.”


While this campaign has been limited mostly to national security organizations in the Middle East and North Africa, its success could lead to attacks on the global DNS system. DNS is the foundation of the internet, and hijacking that foundation can undermine the trust of its users, who are the key drivers of the global economy.


Former employee hacks WPML WordPress plugin site to spam users

A few hours ago, the website of the popular WordPress plugin WPML (WordPress Multilingual Plugin) was hacked by an ex-employee who had left a backdoor in the site. After gaining access, the attacker sent a mass email to every user claiming that the plugin contains several vulnerabilities and warning them not to store any sensitive information in their database.

The WPML plugin is used to write content in multiple languages and translate it without any technical or programming skills. English, Spanish, French, German, Italian and Dutch are the most popular languages on WPML. According to its site, the plugin is currently used by more than 600K WordPress websites.

After hacking the WPML website, the attacker sent the following email to every user:

The attacker claimed in the email to be a frustrated user of the same plugin who had two of his websites hacked because of security holes in it. Since WPML’s own site uses the plugin, he said, he hacked it to warn other users.

The attacker also published a blog post on WPML site with the same message that he had sent to users.

However, WPML wrote in a tweet that it “Looks like an ex-employee backdoor”. The plugin’s creator also clarified that they had double-checked the plugin and assured users that there is no exploit. Since the plugin doesn’t store any payment information, there is no risk of such data being compromised.


As of now, WPML has rebuilt its website and advised users to change their WPML account password and choose a secure one.

Update: The title of this news item has been updated with feedback from the WPML team. Readers are hereby informed that the plugin was not compromised or hacked and was and is safe to use. The attack was aimed specifically at the WPML website.


It costs $715,000 to mitigate a DNS attack in 2018: EfficientIP report

On average, a DNS attack costs organizations globally $715,000, up from $456,000 a year earlier, according to the 2018 DNS Threat Report by EfficientIP.

EfficientIP surveyed 1000 organizations around Europe, Asia Pacific and North America to analyze the technical and behavioral causes of the rise in DNS (domain name system) threats, their effects on business, and remedies.

The report highlighted that organizations faced an average of seven DNS attacks in 2017, costing around $5 million in damages. Organizations that don’t secure their DNS are at higher risk of data loss, service downtime, compliance failure or a damaged public image.

Key findings of the 2018 DNS Threat Report:

  • Average cost per attack increasing YoY

77% of organizations were subject to a DNS attack in 2018. The research shows that the average cost of damages caused by a DNS attack increased by 57% over the previous year. The cost per attack varied from country to country: for instance, it is $974,000 in France, compared with $654,000 for organizations in North America.

  • DNS-based malware and phishing: Top DNS threats in 2018

DNS-based malware (36%) and phishing (36%) were the most common DNS threats in 2018, both up compared with the previous year. Alongside these, DDoS attacks, lock-up domain attacks and DNS tunneling were the next most common, each accounting for 20% of all DNS attacks in 2018.

  • DNS attacks damage brand image

The major cyber-attacks like WannaCry and NotPetya caused financial/brand damage and customer churn for organizations globally.

Due to DNS attacks, 40% of organizations suffered cloud outages, 33% were victims of data theft, and 22% lost business. On average, an organization takes 7 hours to mitigate an attack, up 40% from a year before.

  • All industries vulnerable to DNS attacks

Further, the report revealed that all industries are vulnerable to DNS attacks. The public sector takes the longest to mitigate an attack, while healthcare faces the most cloud downtime. The telecom sector had the most sensitive customer information stolen, and the financial sector bore the highest cost per attack.


“Worryingly, the frequency and financial consequences of DNS attacks have risen and businesses are late in implementing purpose-built security solutions to prevent, detect and mitigate attacks. On the positive side, business and IT leaders globally now have a better understanding on why DNS is fundamental to ensuring business continuity and data confidentiality, so securing DNS has become a top priority for them,” said David Williamson, CEO of EfficientIP.
