Cybersecurity

"WhatsApp fixed a bug that allowed malicious users to save pictures and videos that were supposed to be viewed only once and then vanish.

In September, TechCrunch reported that a bug in the implementation of the “View Once” privacy feature allowed people using WhatsApp’s browser-based web app to display and then keep the picture or video. The View Once feature is designed to prevent recipients from saving, sharing, forwarding, copying, and even screenshotting or screen recording media sent as “View Once,” given that in normal circumstances, the pictures or videos disappear after being viewed.

On Friday, WhatsApp spokesperson Zade Alsawah told TechCrunch that the company has rolled out a longer-term fix that resolved the issue."

https://techcrunch.com/2024/12/09/whatsapp-fixes-bug-that-let-users-bypass-view-once-privacy-feature/

#CyberSecurity #WhatsApp #Privacy #Meta

▪ @cybernews@infosec.exchange research ▪ The Turkish app Quran Kuran has exposed over 3.6 million records of highly sensitive data.

#Turkey #Quran #app #DataPrivacy #datasecurity #cybersecurity #infosec

https://cnews.link/sigma-telecom-data-leak-3/

Krispy Kreme announced on Wednesday its network was breached in November.

#KrispyKreme #CyberAttack #breach #cybersecurity #network #orders

https://cnews.link/krispy-kreme-doughnut-chain-cyberattack-operations-disrupted-1/

🔄 43 ENTRY CHANGES 🔄

💻 macOS Sequoia 15.1 - 9 added, 4 updated
https://support.apple.com/en-us/121564
📱 iOS and iPadOS 18.1 - 5 added, 5 updated
https://support.apple.com/en-us/121563
⌚ watchOS 11.1 - 2 added, 2 updated
https://support.apple.com/en-us/121565
🥽 visionOS 2.1 - 1 added, 3 updated
https://support.apple.com/en-us/121566
💻 macOS Ventura 13.7.1 - 1 added, 2 updated
https://support.apple.com/en-us/121568
💻 macOS Sonoma 14.7.1 - 1 added, 2 updated
https://support.apple.com/en-us/121570
📺 tvOS 18.1 - 1 added, 1 updated
https://support.apple.com/en-us/121569
📱 iOS and iPadOS 17.7.1 - 2 updated
https://support.apple.com/en-us/121567
🌐 Safari 18.1 - 1 added, 1 updated
https://support.apple.com/en-us/121571

#apple #cybersecurity #infosec #security #ios

🐛 NEW SECURITY CONTENT 🐛

🌐 Safari 18.2 - 6 bugs fixed
https://support.apple.com/en-us/121846

#apple #cybersecurity #infosec #security #ios

⚒️ FIXED IN iOS and iPadOS 18.2 ⚒️

• 5 bugs in WebKit
• 3 bugs in Kernel
• 2 bugs in AppleMobileFileIntegrity
• 2 bugs in libxpc
  and 9 other vulnerabilities fixed
  https://support.apple.com/en-us/121837

#apple #cybersecurity #infosec #security #ios

🐛 NEW SECURITY CONTENT 🐛

💻 macOS Sequoia 15.2 - 44 bugs fixed
https://support.apple.com/en-us/121839
💻 macOS Sonoma 14.7.2 - 26 bugs fixed
https://support.apple.com/en-us/121840
💻 macOS Ventura 13.7.2 - 23 bugs fixed
https://support.apple.com/en-us/121842
📱 iOS and iPadOS 18.2 - 21 bugs fixed
https://support.apple.com/en-us/121837
⌚ watchOS 11.2 - 16 bugs fixed
https://support.apple.com/en-us/121843
📺 tvOS 18.2 - 16 bugs fixed
https://support.apple.com/en-us/121844
📱 iPadOS 17.7.3 - 14 bugs fixed
https://support.apple.com/en-us/121838

#apple #cybersecurity #infosec #security #ios

The Center for Vein Restoration (CVR) has suffered a major data breach. Attackers stole extremely sensitive personal data.

#DataBreach #cyberattack #cybersecurity #cybercrime #DataPrivacy #infosec

https://cnews.link/center-vein-restoration-data-breach-3/

Law enforcement worldwide has teamed up this holiday season to dismantle 27 DDoS platforms used by hackers.

#Europol #DDoS #hackers #cybercrime #cybersecurity #infosec

https://cnews.link/europol-shuts-down-ddos-platforms-before-christmas-1/

Jeden Tag landen Phishing-Mails in unseren Postfächern. Bis vor einigen Jahren fielen diese besonders durch ihre kruden Texte und eine krumme Rechtschreibung auf.

Heutzutage gehen Cyberkriminelle schon deutlich professioneller vor.

Damit ihr solche betrügerischen Mails trotzdem erkennt, haben wir euch eine Checkliste zusammengefasst, mit der ihr in Sekundenschnelle sichere von unsicheren Mails unterscheiden könnt. 😜

#DeutschlandDigitalSicherBSI #CyberSecurity #ITSicherheit #PhishingMails

Chinese hacker singlehandedly responsible for exploiting 81,000 Sophos firewalls, DOJ says⤵️
#FBI #DOJ #US #cybersecurity #infosec

https://cnews.link/doj-ofac-sanctions-hacker-exploits-sophos-firewalls/

#curl 8.11.1 has been released. It includes a fix to #CVE_2024_11053 - a #vulnerability I discovered.

It is a logic flaw in the way curl parses .netrc file. In certain situations, the configured password can be sent to a incorrect host. Luckily the affected configurations should be quite rare and thus the situation is unlikely to occur often.

The issue has existed in the curl source code for almost twenty-five years.

• https://curl.se/docs/CVE-2024-11053.html
• https://hackerone.com/reports/2829063

No AI tools were used in discovering or reporting the vulnerability.

#noai #handcrafted #infosec #cybersecurity

#OpenWrt #Sysupgrade flaw let hackers push malicious #firmware images

https://www.bleepingcomputer.com/news/security/openwrt-sysupgrade-flaw-let-hackers-push-malicious-firmware-images/

#cybersecurity #FOSS

A ransomware attack on Sabre exposed employees' personal details on the dark web.

#ransomware #DataSecurity #cybersecurity #Sabre #DarkWeb #infosec

https://cnews.link/booking-giant-sabre-data-breach-3/

A serious Apple security flaw enables malicious apps to bypass security controls and secretly access personal information.

#iPhone #Apple #Security #Apps #cybersecurity #infosec

https://cnews.link/researchers-bypass-iphone-security-controls-access-data-3/

▪ @cybernews@infosec.exchange research ▪ Small business owners in Mexico should know that their financial partners might leak sensitive personal information.

#DataSecurity #Mexico #cybersecurity #Research #dataprivacy #infosec

https://cnews.link/mexican-fintech-kapital-leaves-client-ids-leaking-3/

In 2024, Cloudflare mitigated 6.5% of global traffic as malicious, with 4.3% of emails featuring deceptive links and identity theft.

#Cloudflare #malicious #email #internet #cybersecurity #infosec

https://cnews.link/cloudflare-malicious-traffic-report-1/

Heads up: If you've used the https://github.com/puckiestyle/CVE-2024-23113 for testing Fortinet systems vulnerable to #CVE_2024_23113: The code is broken and does not reliably check for the #vulnerability. #infosec #cybersecurity

🧪 NEW BETA RELEASES 🧪

📱 iOS 18.2 RC 2 (22C151)
📱 iPadOS 18.2 RC 2 (22C151)
💻 macOS 15.2 RC 2 (24C100)
📺 tvOS 18.2 RC 2 (22K155)
🥽 visionOS 2.2 RC 2 (22N841)

#apple #cybersecurity #infosec #security #ios

A group called UAC-0185 has launched phishing attacks targeting Ukrainian defense companies and security forces.

#Ukraine #hackers #phishing #NationalSecurity #CyberSecurity

https://cnews.link/hackers-target-ukraine-defence-1/

It took only one compromised email to expose the sensitive records of thousands of minors.

#cybersecurity #databreach #IT #cyberattack #dataprivacy #phishing

https://cnews.link/datavant-phishing-attack-data-leak-3/

Researchers have observed increasing threat activity from two Russian hacktivist groups attacking US energy and water sectors.

#Russia #hackers #US #Research #cyberattacks #cybersecurity

https://cnews.link/russian-hacktivists-attacking-us-water-and-energy-1/

"- This joint investigation with First Department, a legal assistance organization, found spyware covertly implanted on a phone returned to a Russian programmer accused of sending money to Ukraine after he was released from custody.

• He describes being subjected to beatings and an intense effort to recruit him as an informant for the Russian Federal Security Service (FSB).

• Our analysis finds that the spyware placed on his device allows the operator to track a target device’s location, record phone calls, keystrokes, and read messages from encrypted messaging apps, among other capabilities.

• The spyware bears many similarities to the Monokle family of spyware, previously reported on by Lookout Mobile Security, which they attribute to the “Special Technology Center,” a contractor to the Russian government.

• Our analysis also finds certain differences from previously-reported samples of Monokle spyware, suggesting that it is either an updated version of Monokle or new software created by reusing much of the same code."

https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/

#CyberSecurity #Russia #Spyware #Monokle

"The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for potential compromise. But the company also offers a free version of the feature for anyone who downloads the iVerify Basics app for $1. These users can walk through steps to generate and send a special diagnostic utility file to iVerify and receive analysis within hours. Free users can use the tool once a month. iVerify's infrastructure is built to be privacy-preserving, but to run the Mobile Threat Hunting feature, users must enter an email address so the company has a way to contact them if a scan turns up spyware—as it did in the seven recent Pegasus discoveries."

https://arstechnica.com/security/2024/12/1-phone-scanner-finds-seven-pegasus-spyware-infections/

#CyberSecurity #Spyware #iVerify #iOS #Android #Pegasus

"End-to-end encryption means that the information is scrambled in transit and only the sender and recipient can access it. Regular text messages (SMS messages) and voice calls are usually not encrypted, and can be intercepted in transit or stored on a carrier’s server for extended periods of time.

Email services such as Gmail and Outlook generally offer encryption in transit, which means they can be read on the companies’ servers and by the end users. Messages that are encrypted in transit can’t be nabbed from a telecom network in an accessible format, but they could be accessed through an email service provider or a law enforcement request to that company.

End-to-end encryption—the kind offered by services like WhatsApp and Signal—is considered the best bet for privacy, particularly when paired with the option to auto-delete messages after a set period of time, says Mullin."

https://www.inc.com/jennifer-conrad/why-you-should-start-using-encrypted-communications-today/91034632

#CyberSecurity #Privacy #Encryption #E2EEncryption #Signal