Saturday, March 18, 2017

Cyber Updates - 18/03

Hey all,
Here are this week's cyber updates:

(1) Check Point has discovered a bug in the web versions of WhatsApp and Telegram. Neither application properly parses images, which allows malicious HTML code to be executed within the WhatsApp/Telegram domain. An attacker can then steal the user’s data from local storage and use it to authenticate on behalf of the victim.
Both WhatsApp and Telegram have announced that they have not seen any account compromised by this exploit. However, since both apps use end-to-end encryption, the companies have no way of guaranteeing this, nor can they block the exploit on the server side.
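
A defensive check of the kind this bug class calls for, as an added example (not code from WhatsApp, Telegram or Check Point): before previewing a received file, the client identifies it from its leading bytes and compares the result with the declared type. The function names, the signature table and the sample byte strings are assumptions constructed for illustration.

```javascript
// Added example: client-side gate run on a received file before it is previewed.
// Only formats on this allow-list are ever treated as images.
const IMAGE_SIGNATURES = [
  { mime: "image/png",  magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: "image/jpeg", magic: [0xff, 0xd8, 0xff] },
  { mime: "image/gif",  magic: [0x47, 0x49, 0x46, 0x38] }, // "GIF8"
];

// Identify the file from its content, never from the sender-supplied type.
function sniffImageType(data) {
  for (const sig of IMAGE_SIGNATURES) {
    const matches =
      data.length >= sig.magic.length &&
      sig.magic.every((byte, i) => data[i] === byte);
    if (matches) return sig.mime;
  }
  return null;
}

// Decide whether a preview is allowed. On success the caller must build the
// preview with the returned (sniffed) type, not with the declared one.
function previewDecision(declaredMime, data) {
  const declared = String(declaredMime).trim().toLowerCase();
  const sniffed = sniffImageType(data);
  if (sniffed === null) {
    return { allow: false, reason: "content is not a recognised image" };
  }
  if (sniffed !== declared) {
    return { allow: false, reason: "declared type does not match content" };
  }
  return { allow: true, mime: sniffed };
}

// Constructed sample inputs (not taken from the original research).
const SAMPLE_PNG = Uint8Array.from(
  [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0x00, 0x00, 0x00, 0x0d]);
const SAMPLE_HTML = new TextEncoder().encode(
  "<html><body>constructed sample</body></html>");

console.log(previewDecision("image/png", SAMPLE_PNG));  // genuine image
console.log(previewDecision("image/png", SAMPLE_HTML)); // HTML labelled as image
console.log(previewDecision("text/html", SAMPLE_PNG));  // mismatched label
```

Because the check runs in the client on the decrypted content, it does not depend on the server being able to inspect the file.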

(2) The next time you buy a phone, don’t expect it to be malware-free. Android phones (brands such as Galaxy or Nexus) have been found to be distributed with pre-loaded malware. While you would expect these phones to be sold without malware, spyware was added to the firmware somewhere in the supply chain.
The spyware allows the attacker to install further malicious apps on the device, dial premium numbers and delete the user’s data.

(3) Microsoft has finally patched the notorious SMBv3 vulnerability. For those of you who don’t remember, two months ago a vulnerability was discovered in SMBv3 that could possibly permit remote code execution. PoC code for denial of service was made available and was exploited in the meantime.
For nearly 2 months Windows-based systems remained unpatched (as Microsoft did not fix this issue in its February “Patch Tuesday” updates).
Organizations are urged to update their Windows operating systems as soon as possible.

Stay tuned for more updates,

Dan Gurfinkel
Head of Offensive Security & Response Unit