WhatsApp | Breaking Cybersecurity News | The Hacker News

WhatsApp on Monday officially announced the start of global reservations of usernames with an aim to protect the privacy of more than three billion users on the messaging platform. The optional feature is designed to help users connect with someone on the service through usernames, as opposed to directly sharing their phone numbers. Username reservations will start rolling out starting today, enabling users to create and reserve a username before the feature becomes generally available later this year. "You choose your own, and it doesn't have to match your handle on any other app," the Meta-owned messaging app said in a statement shared with The Hacker News ahead of publication. "At its core, it's a privacy feature, not a social media handle – there's no directory to browse and no suggestions, so people need to know your exact username to contact you for the first time." As it goes without saying, choosing a username should be unique. WhatsApp...

The Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S. The systematic cyber attacks aimed at stealing sensitive information from the victims, the agency added. "The goal of these 'hacks' is to gain access to sensitive military, political, and economic information exchanged by users, as well as to steal their personal data," the agency warned in a post shared on Telegram. To pull off the operation, the attackers send SMS messages that masquerade as the messaging platform's support bot and urge users to disclose their account credentials.  The SSU noted that these attacks include not only organizations, officials or public figures, but also personal accounts belonging to Ukrainian nati...

Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. Per findings from Kaspersky, the active campaign is targeting users of WhatsApp Desktop and WhatsApp Web across Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan, Australia, Russia, and Vietnam. The highest concentration of victims has been reported in Malaysia. "The threat actor uses deceptive file names masquerading as business and financial documents to persuade recipients to download and execute the attachment," security researcher Fareed Radzi said . "Once executed, the VBScript initiates a multi-stage infection chain that ultimately results in the installation of legitimate Remote Monitoring and Management (RMM) software, enabling remote access to the victim's system." It's suspected that the threat actor behind the operation ma...

Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group . In addition, the tech giant said it's filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp and its users. "They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO," Meta said . The social media company also said it caught NSO Group creating test accounts and groups on WhatsApp. They have since been taken down by Meta. The list of malicious domains linked to the activity is listed below - fr24cast[.]com ghazacast[.]com ikhwancast[.]com Meta did not disclose any technical details about the campaign, including when the activity occurred, how many users were targeted, if any of those attacks were successful, and how the activity was t...