

WhatsApp Update To Fight Spyware



An organization attacks WhatsApp users through spyware to retrieve information. WhatsApp urges users to download an update to block the spyware.

As if Facebook doesn’t already have its plate full, spyware is attacking one of its companies, WhatsApp, with government-grade technology to retrieve user information amidst on-going issues regarding privacy concerns.

WhatsApp is supposedly Facebook’s more secure version of online chatting. The company boasts the end-to-end encryption technology that sets it apart from other companies under Facebook. In other terms, its feature where WhatsApp requires a password of some sort from both ends of a conversation, and the fact that accounts are directly connected with users’ respective mobile numbers, make it virtually impossible for company servers to snoop around conversations. It was also reported earlier this year that Facebook plans to implement the same set of privacy features in its other apps like Messenger and Instagram to address privacy concerns.

However, a serious security hole was discovered earlier this month that allowed a bug to breach WhatsApp as first reported by The Financial Times.

Marco Verch | Flickr | CC BY 2.0

Once the bug was injected through the security hole in WhatsApp’s system, it gave the caller leverage to make a phone call that would enable the bug to install commercial-grade spyware, allowing the caller access to the user’s personal information. To make things worse, the action could be done whether or not the call was answered.

To put it into perspective, once a phone has been infected by the spyware-enabling bug, there is hardly any way to prevent hackers from accessing other people’s information. There is also no way to determine who or how many people can be affected by the bug. “The company said that it suspects a relatively small number of users were targeted, since it would be nontrivial to deploy, limiting it to advanced and highly motivated actors,” TechCrunch reports.

In other words, the bug is a one-ticket ride to retrieving a WhatsApp user’s personal information stored within the application. As of the moment, what information WhatsApp stores is completely up for speculation since Facebook hasn’t disclosed information regarding that yet.

Fortunately for WhatsApp users, once the company was alerted about the serious matter, they were able to address the issue and work on a preventive method within its infrastructure that would basically ban the bug from entering their system. Reportedly, WhatsApp was able to make the counteraction in less than 10 days of being aware of the problem. However, it is not indicated that the prevention feature would help users who are already affected and whether or not their information can be retrieved from hackers.

The feature is available today by downloading the latest WhatsApp update. “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” the company said in a statement.

The spyware attacking WhatsApp is said to be Pegasus, developed by the Israeli cyber intelligence company NSO Group. NSO is a company that usually sells commercial-grade snooping tech to nation states. However, the company denies having involvement with WhatsApp’s case.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” NSO Group told the Financial Times. “NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual.”

The Guardian notes that “NSO limits sales of its spyware, Pegasus, to state intelligence agencies. The spyware’s capabilities are near absolute. Once installed on a phone, the software can extract all of the data that’s already on the device (text messages, contacts, GPS location, email, browser history, etc) in addition to creating new data by using the phone’s microphone and camera to record the user’s surroundings and ambient sounds, according to a 2016 report by the New York Times.”

However, FT reports from a different perspective, where the spyware was first detected when an attack was attempted against a UK-based attorney on May 12. The lawyer, whose identity was not disclosed, was involved in a lawsuit against NSO brought by a group of Mexican journalists, government critics, and a Saudi Arabian dissident.

There is nothing concrete as to what or who led the attack on WhatsApp’s operating system, as everything is still under investigation.



Are Hackers Friends Of Crypto Industry Or Are They Enemies?




Hackers have been paid more than $30,000 for exposing and fixing security issues in crypto companies but at the same time, hackers are also the reason why some of them lose money.
Hackers have been paid by crypto companies to fix bugs. Photo: Christoph Scholz | Flickr | CC BY-SA 2.0

The unregulated universe of cryptocurrencies has found unlikely allies among hackers in solving systemic problems and fixing bugs, a report reveals.

Crypto companies, including crypto exchanges, have paid a lump sum of at least $32,150 to different white-hat hackers for fixing the security flaws in popular crypto and blockchain platforms such as TRON, Brave, EOS, and Coinbase.

The data revealed that 15 blockchain and crypto-related firms had made hefty payments as rewards to security researchers between March 28 and May 16. The said rewards were made concerning 30 publicly-released bug reports during the entire duration.

Among all the companies that had the security threats, Omise, the software firm behind cryptocurrency OmiseGo, needed the most fixes, with six disclosed bugs and security issues. Blockchain-powered prediction market Augur disclosed three reports, as did Brave Software, makers of the Brave browser, which features its own native token.

Crypto and blockchain technology has since been criticized by different financial institutions for being volatile and vulnerable to technology and cyber crimes, making the technology not conducive to become a working technology. It only makes sense that in time when they need help the most, white-hat hackers and security researchers are there to help them – for a price.

According to the study, the payment varies depending on the severity of the bug. They adjust their HackerOne rewards depending on how easy or difficult it is for the white-hat hacker to resolve a security issue. For instance, while the majority of Omise’s disclosed security flaws were only worth around $100 each, there are other payments that amounted to a lot more, the study suggests.

Both the company that owns the EOS “blockchain” and budding network Aeternity paid one hacker more than $10,000 for a single issue that the hacker paid. TRON also paid $3,100 to the researcher who realized the network was susceptible to being flooded with malicious smart contracts, something that could jeopardize the future of the company.

Most cryptocurrency companies and blockchain firms, just like other tech-based companies, have set up a reward or bounty system that would pay anyone that can point out any form of security issue in their systems; a bigger reward is also provided to those who can fix them.

While hackers who decided to use their skills to improve the technology stratosphere are increasing in number steadily, they could at any time decide to use their skills to exploit the vulnerabilities they have discovered for bigger take home money.

Just last week, cryptocurrency exchange Binance announced that hackers had successfully stolen 7,000 BT (then $40 million, now $55 million) from its own wallets.

Similarly, crypto exchange company Cryptopia announced last week that the company is going into liquidation following the attack that lost the company millions of dollars worth of crypto money in January.

According to a blockchain data analytics firm, their investigation allowed them to estimate the loss caused by the cyber attack to be as much as $16 million in ether and ERC-20 tokens. While the company restarted its trading services in March, no one is yet certain of the actual damages that the cyber attack caused the company. Until now, the company is still recovering from the aftermath of the breach and still having banking issues.

According to the liquidation firm, Grant Thornton, the damages caused by the hacking were too “severe” and have impacted the company massively in terms of trade, and amidst the effort of its management to regain composure by reducing costs and returning the business to profitability, they have decided that liquidation is the best option for the company and all stakeholders moving forward.

It is still unclear whether or not Cryptopia is running its own bounty program but coincidentally, Binance has a bounty reward of $100,000 for anyone who can solve the mystery of their stolen crypto money, but until now, the perpetrator is still at large and unidentified.

“At Binance, the security of our users is our number one priority. As such, we strive to provide the most secure platform possible. We will evaluate reported security issues based on the security impact to our users and the Binance ecosystem.”

In the end, the question still remains: Are hackers friends of the crypto industry or are they the enemy?



Cloud Computing Drives Taiwan & HK Organizations To Encrypt Data As “Employee Mistakes” Are The #1 Data Security Threat




Rising trend in cloud computing seen as the key driver of organizations setting up encryption strategies in Hong Kong and Taiwan.
Cloud Computing. Photo: Jane Boyko | Flickr | CC BY 2.0

Erring employees are the most prolific cause of data breaches and not cyber attacks by hackers in Hong Kong and Taiwan, according to businesses, an independent cybersecurity study reveals.

According to a study conducted by nCipher Security, a B2B applications provider, nearly half of the organizations in Hong Kong and Taiwan cite “employee mistakes” as their biggest data security threat. 48% of the organizations in the study said that their employees’ mistakes are more likely the case when a data breach happens; only 22% cite external hackers and 17% cite malicious hackers.

The data was revealed by the 2019 Hong Kong and Taiwan Encryption Trends study from the Ponemon Institute. The annual review is conducted to capture how organizations, businesses, and institutions around the world are dealing with “compliance, increased threats, and the implementation of encryption to protect their business-critical information and applications.”

With the acknowledgment that human error is most likely to cause a data breach, nCipher says, and the prevalence of data breaches and data security issues around the world, organizations in both Hong Kong and Taiwan have started to realize the value of protecting themselves from data security breaches through data encryption.

“With corporate data breaches making headlines globally, encryption is vital in protecting data by making it unreadable to anyone other than those holding the corresponding encryption key,” reads a press release by nCipher.

A hopeful future awaits most organizations globally, with 45% of the respondents to the said study saying that their organizations have a comprehensive and holistic encryption plan applied throughout their entire business. The trend was also observed to be continuously rising. However, the study notes that only 39% of organizations in both Hong Kong and Taiwan already have an encryption plan in place; this is in direct contrast to Germany, which at 67% has the highest number of organizations with an encryption strategy being implemented.

“Organizations are under relentless pressure to protect their business-critical information and applications, but the proliferation of data, concerns around data discovery and policy enforcement, together with lack of cybersecurity skills makes this a challenging environment,” notes Michael Tai, head of sales, Greater China at nCipher Security.

But it is still not too late for Hong Kong and Taiwan to catch up with implementing encryption policies throughout their industries, as an overwhelming number of organizations have recognized the importance of protecting customer information and their intellectual property. Seventy-four percent of respondents see protecting customer personal information as a priority – the highest among all the regions surveyed and 20% higher than the global average.

The most common type of data encrypted by organizations in Hong Kong and Taiwan is employee or human resources data (63%) and intellectual property (53%). The least common type of data to be encrypted is healthcare information (17%), which is 7% below the global average.

Furthermore, Hong Kong and Thailand lead the world in cloud adaptation, with 80% of respondents either currently using cloud computing services or planning to do so within the year. This is another reason, nCipher says, that organizations in both Asian countries are driven to have a robust data security policy and to implement a sound encryption strategy.

“Enterprises are increasingly turning to cloud environments to help them save time and money. While these technologies are digitally transforming businesses, there are potential security risks associated with them,” says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

“Consequently the use of encryption to protect cloud data in Hong Kong and Taiwan is high just as it is elsewhere around the globe. Encryption usage is a clear indicator of a strong security posture. Organizations that deploy encryption are more aware of threats to sensitive and confidential information and making a greater investment in IT security.”

However, amidst the recognition of the need for encryption plans, organizations cite data discovery as the most common factor that stops them from setting up encryption systems. Other factors cited by the respondents include classifying which data to encrypt and the ease of time with deploying encryption technologies.

“nCipher empowers customers by providing a high assurance security foundation that ensures the integrity and trustworthiness of their data, applications and intellectual property,” added Tai, encouraging organizations to treat data security as a priority and set up their data encryption systems.



Hackers-For-Hire Are Ineffective And Expensive, Google Study Says




Researchers from Google and University of California said that hackers-for-hire services are frauds and expensive.
Researchers say they are not threats to individual Google accounts. Photo: Richard Patterson | Flickr | CC BY 2.0

Researchers from Google have yet again found a new and compelling reason why people should not hire hackers online, even if their offers are enticing enough for some people to fall for. New research published last week by Google, and researchers from the University of California, San Diego reveals that hackers-for-hire services available online are scams and ineffective.

The research methodology includes contracting 27 hacking services, and as expected, a considerable chunk of them did not respond to the inquiries made by the researchers, while 12 of them responded but never actually attempted to launch an attack. The researchers noted that only five service providers ended up launching assaults against the test Gmail accounts.

“Using unique online buyer personas, we engaged directly with 27 such account hacking service providers and asked them with compromising victim accounts of our choosing,” researchers said.

“These victims, in turn, were ‘honey pot’ Gmail accounts, operated in coordination with Google, and allowed us to record key interactions with the victim as well as with other fabricated aspects of their online persona that we created (e.g., business web servers, email addresses of friends or partner).”

Additionally, out of the 12 who responded to the inquiries of the researchers, nine of them have said that they are no longer working in the hacking business and it turned out that the rest are straight up scams.

The services offered online were said to cost between $100 and $500 and, interestingly, none of the service providers used automated tools for the attacks that they promise their clients.

The attacks instead involved social engineering, with the hackers using spear-phishing techniques to target attacks for each intended victim. Researchers highlighted that while some of the hackers asked them for information about the intended victims of the supposed attacks, others didn’t even bother and chose to employ “re-usable email phishing templates.”

Interestingly, one of the five hackers who ended up launching an attack on the test Gmail account tried to infect the victim with malware rather than straightforwardly phish for account credentials. Once the malware-infected email was opened and the malware installed in the victim’s system, the hacker would have virtual remote control of the entire system and would have been able to recover passwords and authentication cookies from local browsers.

Another hacker was able to bypass two-factor authentication (2FA), the safety mechanism that requires the account holder to use another verification process independent from password authentication, such as a code sent to the SMS number connected to the account. Researchers reveal that the hacker was able to direct the decoy victim to a spoofed Google login page and successfully scraped both passwords and SMS codes while effectively checking the validity of both in real time.

Hackers who know that they need to bypass 2FA actually (and usually) double their prices, citing the complexity of the task, the researchers say. Prices for hacking Gmail accounts have been observed to grow over the years, from $125 per account in 2017 to $400 today. Researchers posit that the improved security protocol by Google caused the price hike.

“As a whole, however, we find that the commercialized account hijacking ecosystem is far from mature,” the research team said. “We frequently encountered poor customer service, slow responses, and inaccurate advertisements for pricing.

“Further, the current techniques for bypassing 2FA can be mitigated with the adoption of U2F security keys,” they added.

In the end, the researchers concluded that while there are capable hackers, most of those who offer hacking services are either ineffective or just plain frauds. As a consequence, they said that ignoring scam sites, they didn’t view hacker-for-hire services as an actual danger for user accounts. The researchers cited high prices for hacking each account and the low quality of services the service providers provide as reasons.

“However, despite the ability to successfully deliver account access, the market exhibited low volume, poor customer service, and had multiple scammers. As such, we surmise that retail email hijacking has yet to mature to the level of other criminal market segment,” the researchers wrote in their study’s abstract.
