WhatsApp Vulnerability Exploited to Place Spyware on Phones
A vulnerability in WhatsApp is being actively exploited to install spyware on mobile phones. The attackers infected targeted devices by calling them; users did not even have to answer the call. A WhatsApp representative said that the flaw, a buffer overflow vulnerability in the WhatsApp VOIP stack, was addresses in a server-side update on Friday, May 10. A fix for end-users was released on Monday, May 13.
Read more in:
– arstechnica.com: WhatsApp vulnerability exploited to infect phones with Israeli spyware
– www.theregister.co.uk: It’s 2019 and a WhatsApp call can hack a phone: Zero-day exploit infects mobes with spyware
Loyalty Program Fraud Increasing
Hackers are targeting loyalty program accounts both for the points they contain and the personal data they gather. Some hackers use the information to gain access to other accounts. Others steal and use or sell the points online. Some of the companies offering loyalty programs have begun implementing stronger security measures, like multi-factor authentication.
Read more in:
– www.nytimes.com: Why Rewards for Loyal Spenders Are ‘a Honey Pot for Hackers’
Cyber FastTrack Qualification Round Results Announced
The total number of U.S. college students who participated in Cyber FastTrack to discover their aptitude for high-end cybersecurity careers: 13,289 from 1,290 colleges (50% came from 67 colleges). The number of women who participated: 4,217 or 32% of all players. The number of students who completed enough challenges to be selected as Quarter Finalists: approximately 2,400 or 18% of all participants, and the number of students who completed at least some of the extreme challenges: 882 or 6.6% of all participants. We have good data from the UK that students who perform at this level in CyberStart Assess have the potential to become elite cyber talent as long as they are encouraged and supported along their pathways.
US Legislators Introduce Election Security Act
Legislators in the US House of Representatives have introduced the Election Security Act, which would require the president to establish a “national strategy for protecting democratic institutions.” It would also establish security standards for voting system vendors to abide by cybersecurity standards and would require that states use paper ballots.
Read more in:
– www.scmagazine.com: Election Security Act seeks to shore up infrastructure, give states funds to protect against election cyberattacks, influence
– thehill.com: House Dems reintroduce bill to protect elections from cyberattacks
Cisco Router Flaw(May 13, 2019)
A security issue affecting certain Cisco routers can be remotely exploited to hide spyware deep inside vulnerable devices. The flaw, dubbed Thrangrycat, affects the Trust Anchor module hardware security chip. An attacker would need to be able to log into a targeted device with administrator privileges to successfully exploit the flaw.