Hey all,
Here are this week's cyber updates:
(1) Check Point has discovered a bug in the web versions of WhatsApp and
Telegram. In particular, both applications do not properly parse
images, allowing malicious HTML code to be executed within the WhatsApp/Telegram
domain. This allows the attacker to steal the user’s data from local
storage and then authenticate on behalf of the victim.
Both WhatsApp and Telegram have announced that they have not seen any account
compromised by this exploit. However, since both apps use end-to-end
encryption, these companies have no way of guaranteeing this, nor can they block it on
the server side.
And here are all the details: http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/
(2) The next time you buy a phone, don’t expect it to be
malware-free. Android phones (brands such as Galaxy or Nexus) have been found
to be distributed with pre-loaded malware. While you would expect these phones
to come without malware, somewhere in the supply chain spyware was
added to the firmware.
The spyware allows the attacker to install further malicious
apps on the device, dial premium numbers and delete the user’s data.
Here are all the details: http://thehackernews.com/2017/03/android-malware-apps.html
(3) Microsoft has finally patched the notorious SMBv3 vulnerability.
For those of you who don’t remember, two months ago a vulnerability in SMBv3
was discovered that could possibly permit remote code execution. PoC code
for denial of service was made available and exploited in the meantime.
For nearly 2 months Windows-based systems were not patched
(as Microsoft did not solve this issue in their February “Patch Tuesday”
updates).
Organizations are urged to update their Windows operating systems as soon as possible.
Stay tuned for more updates,
Dan Gurfinkel
Head of Offensive Security & Response Unit