#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
SaaS Security

Whatsapp hacking | Breaking Cybersecurity News | The Hacker News

Saudi Prince Allegedly Hacked World's Richest Man Jeff Bezos Using WhatsApp

Saudi Prince Allegedly Hacked World's Richest Man Jeff Bezos Using WhatsApp
Jan 22, 2020
The iPhone of Amazon founder Jeff Bezos , the world's richest man, was reportedly hacked in May 2018 after receiving a WhatsApp message from the personal account of Saudi crown prince Mohammed bin Salman , the Guardian newspaper revealed today. Citing unnamed sources familiar with digital forensic analysis of the breach, the newspaper claimed that a massive amount of data was exfiltrated from Bezos's phone within hours after he received a malicious video file from the Saudi prince. The mysterious file was sent when crown prince Salman and Bezos were having a friendly WhatsApp conversation, and it's 'highly probable' that it exploited an undisclosed zero-day vulnerability of WhatsApp messenger to install malware on Bezos's iPhone. "The forensic analysis found that within hours of receipt of the MP4 video file from the Crown Prince's account, massive and (for Bezos' phone) unprecedented exfiltration of data from the phone began, increasing da

Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users

Facebook Sues Israeli NSO Spyware Firm For Hacking WhatsApp Users
Oct 29, 2019
Finally, for the very first time, an encrypted messaging service provider is taking legal action against a private entity that has carried out malicious attacks against its users. Facebook filed a lawsuit against Israeli mobile surveillance firm NSO Group on Tuesday, alleging that the company was actively involved in hacking users of its end-to-end encrypted WhatsApp messaging service. Earlier this year, it was discovered that WhatsApp had a critical vulnerability that attackers were found exploiting in the wild to remotely install Pegasus spyware on targeted Android and iOS devices. The flaw (CVE-2019-3568) successfully allowed attackers to silently install the spyware app on targeted phones by merely placing a WhatsApp video call with specially crafted requests, even when the call was not answered. Developed by NSO Group, Pegasus allows access to an incredible amount of data from victims' smartphones remotely, including their text messages, emails, WhatsApp chats,

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices

New Malware Replaced Legit Android Apps With Fake Ones On 25 Million Devices
Jul 11, 2019
Are you sure the WhatsApp app you are using on your Android device is legitimate, even if it's working perfectly as intended? ...Or the JioTV, AppLock, HotStar, Flipkart, Opera Mini or Truecaller app—if you have installed any of these? I'm asking this because cybersecurity researchers just yesterday revealed eye-opening details about a widespread Android malware campaign wherein attackers silently replaced installed legitimate apps with their malicious versions on nearly 25 million mobile phones. Now the important question here is how they're doing it and why? According to researchers at Check Point, attackers are distributing a new kind of Android malware that disguises itself as innocent-looking photo editing, adult entertainment, or gaming apps and available through widely used third-party app stores. Dubbed Agent Smith , the malware takes advantage of multiple Android vulnerabilities, such as the  Janus flaw and the Man-in-the-Disk flaw , and injects malic

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

China Bans WhatsApp Messenger

China Bans WhatsApp Messenger
Sep 26, 2017
Popular instant messaging app WhatsApp has already been struggling for its existence in China ever since July when Chinese government blocked its users from sending photos and videos over the app. Now, it appears that China has largely blocked Facebook-owned WhatsApp in its latest step to tighten censorship as the country prepares for a major Communist Party gathering next month. Yes, WhatsApp no longer works in the country at all. China has a long history of blocking and limiting access to web services, especially social networks and Western-owned sites through its Great Firewall . The service currently blocks some 171 out of the world's leading websites, including Wikipedia, Twitter, Facebook, Instagram, and many Google services in mainland China. And now, it is WhatsApp. Although it's unclear how long the messaging app may remain inaccessible in the country, according to Symbolic Software, a Paris-based research firm that monitors WhatsApp's situation in Chi

A Company Offers $500,000 For Secure Messaging Apps Zero-Day Exploits

A Company Offers $500,000 For Secure Messaging Apps Zero-Day Exploits
Aug 24, 2017
How much does your privacy cost? It will soon be sold for half a Million US dollars. A controversial company specialises in acquiring and reselling zero-day exploits is ready to pay up to US$500,000 for working zero-day vulnerabilities targeting popular secure messenger applications, such as Signal, Telegram and WhatsApp. Zerodium announced a new pricing structure on Wednesday, paying out $500,000 for fully functional remote code execution (RCE) and local privilege escalation (LPE) vulnerabilities in Signal, WhatsApp, iMessage, Viber, Facebook Messenger, WeChat, and Telegram. The payouts for all these secure messengers have been increased after tech companies introduced end-to-end encryption in their apps, making it more difficult for anyone to compromise their messaging platforms. The same payout is offered for remote code execution and local privilege escalation security flaws in default mobile email applications. Launched in 2015, Zerodium is a Washington, DC-based p

200 Million WhatsApp Users Vulnerable to vCard Vulnerability

200 Million WhatsApp Users Vulnerable to vCard Vulnerability
Sep 09, 2015
WhatsApp recently claimed to have hit 900 Million monthly active users , but a dangerous security flaw in the web version of the popular instant messaging app puts up to 200 Million of its users at risk . Yes, the web-based extension of WhatsApp is vulnerable to an exploit that could allow hackers to trick users into downloading malware on their computers in a new and more sophisticated way. WhatsApp made its web client, WhatsApp Web , available to iPhone users just last month, after first rolling out its web-based instant messaging service for Android, Windows and BlackBerry Phone earlier in the year. Similar to Facebook Messenger, WhatsApp Web is an effective way to experience the mobile app in a web browser, allowing you to view all of the conversations you have made with your friends – including images, audio files, videos, GPS location and contact cards – straight on your PCs. However, a security flaw discovered by Check Point's security researcher Kasif

Whatsapp Banned Users For Using WhatsApp PLUS App

Whatsapp Banned Users For Using WhatsApp PLUS App
Jan 20, 2015
Are you one of those victims whose WhatsApp app has recently been banned?? Then you must have installed a 3rd-party version of WhatsApp client, like WhatsAppMD or Whatsapp PLUS in your mobile phone for sure. Reportedly after 12 AM IST on 21st January 2015 , WhatsApp, the widely popular messaging application, has started temporarily banning users for 24 Hours who are currently using any third-party WhatsApp clients and are being directed to download the official app on the Play Store instead. Just in last few hours, large number of users have started complaining on Social media websites that they are being banned from the messaging service for 24 hours. Though the ban is temporary and the users facing the issue now could access their app after the period of 24 hours. In an attempt to clear up why this is happening, Whatsapp team explained via its FAQ website , that it is against 'Terms of Service' to use WhatsApp Plus or any other 3rd-party unofficial app. Why am

Beware! Fake WhatsApp PLUS App Rumored to be Next Official WhatsApp Release

Beware! Fake WhatsApp PLUS App Rumored to be Next Official WhatsApp Release
Jan 19, 2015
Several reports from the popular news websites had suggested that WhatsApp , the widely popular messaging application, is working on a new version of its instant messaging client, called  WhatsApp PLUS , in order to provide its users a lot of handy new features. However the news seems to be completely fake!! WhatsApp Plus has already been launched a long ago and is not at all genuine as it is not associated with the Facebook-owned WhatsApp. Many users claimed to have already used WhatsApp Plus before. The latest news reports insist that WhatsApp Plus will bring 700 new themes and more number of emoticons, as well as will provide users with an option to change the font, and color among other things in an attempt to make the app look and feel more personalized. Moreover, the app will provide better privacy compared to the existing one. But, here you need to have a second thought. If we talk about better privacy, the only genuine report about WhatsApp came late last year,

Crash Your Friends' WhatsApp Remotely with Just a Message

Crash Your Friends' WhatsApp Remotely with Just a Message
Dec 01, 2014
A Vulnerability has been discovered in the wildly popular messaging app WhatsApp , which allows anyone to remotely crash WhatsApp just by sending a specially crafted message, two security researchers reported ' The Hacker News '. Two India based independent security researchers, Indrajeet Bhuyan and Saurav Kar, both 17-year old teenagers demonstrated the WhatsApp Message Handler vulnerability to one of our security analyst. In a video demonstration, they showed that how a 2000 words (2kb in size) message in special character set can crash Whatsapp messenger app. Previous it was discovered that sending a huge message ( greater than 7mb in size) on Whatsapp could crash victim device and app immediately, but using this new exploit attacker only need to send a very small size (approx 2kb) message to the victim. The worried impact of the vulnerability is that the user who received the specially crafted message will have to delete his/her whole conversation and start a fresh
Cybersecurity Resources