Crash WhatsApp | Breaking Cybersecurity News | The Hacker News

WhatsApp, the world's most popular end-to-end encrypted messaging application, patched an incredibly frustrating software bug that could have allowed a malicious group member to crash the messaging app for all members of the same group, The Hacker News learned. Just by sending a maliciously crafted message to a targeted group, an attacker can trigger a fully-destructive WhatsApp crash-loop, forcing all group members to completely uninstall the app, reinstall it, and remove the group to regain normal function. Since the group members can't selectively delete the malicious message without opening the group window and re-triggering the crash-loop, they have to lose the entire group chat history, indefinitely, to get rid of it. Discovered by researchers at Israeli cybersecurity firm Check Point , the latest bug resided in the WhatsApp's implementation of XMPP communication protocol that crashes the app when a member with invalid phone number drops a message in the grou...

What would require crashing the wildly popular WhatsApp messaging application? Nearly 4000 Smileys . Yes, you can crash your friends'  WhatsApp , both WhatsApp Web and mobile application, by sending them not any specially crafted messages, but just Smileys. Indrajeet Bhuyan , an independent researcher, has reported The Hacker News a new bug in WhatsApp that could allow anyone to remotely crash most popular messaging app just by sending nearly 4000 emojis to the target user, thereby affecting up to 1 Billion users. Bhuyan is the same researcher who reported a very popular WhatsApp crash bug last year that required 2000 words ( 2kb in size ) message in the special character set to remotely crash Whatsapp messenger app. After this discovery, the company patched the bug by setting up the limits of characters in WhatsApp text messages, but unfortunately, it failed to set up limits for smileys send via WhatsApp. "In WhatsApp Web, Whatsapp allows 65500-660...

A Vulnerability has been discovered in the wildly popular messaging app WhatsApp , which allows anyone to remotely crash WhatsApp just by sending a specially crafted message, two security researchers reported ' The Hacker News '. Two India based independent security researchers, Indrajeet Bhuyan and Saurav Kar, both 17-year old teenagers demonstrated the WhatsApp Message Handler vulnerability to one of our security analyst. In a video demonstration, they showed that how a 2000 words (2kb in size) message in special character set can crash Whatsapp messenger app. Previous it was discovered that sending a huge message ( greater than 7mb in size) on Whatsapp could crash victim device and app immediately, but using this new exploit attacker only need to send a very small size (approx 2kb) message to the victim. The worried impact of the vulnerability is that the user who received the specially crafted message will have to delete his/her whole conversation and start a fresh ...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...