Another powerful new WhatsApp update has just been revealed, as the world’s leading secure messaging platform continues to build out its functionality. We’ve already had an expansion to 8-party video calls, while QR contact codes, encrypted cloud backups and multi-device access are in beta or test. Now more features have been added to latest update. But it’s not all good news—there’s a problem under the surface that looks set to become more of an issue this year.
The European Commission has told its staff to start using Signal, an end-to-end-encrypted messaging app, in a push to increase the security of its communications.
The instruction appeared on internal messaging boards in early February, notifying employees that “Signal has been selected as the recommended application for public instant messaging.”
WhatsApp has been around for more than 10 years, and people all around the world use it every day. Unfortunately, WhatsApp’s popularity makes it a prime target for attackers. That’s exactly what’s happening right now as a current WhatsApp hack is putting users’ accounts at risk.
What is the WhatsApp hack?
According to The Telegraph, bad actors have been stealing WhatsApp accounts through what’s called social hacking. This is when attackers use already hijacked Facebook, Instagram, Telegram, etc. accounts to contact victims, posing as their friends or family.
Full article at: https://www.androidauthority.com/whatsapp-account-hack-1100793/
This sort of data transfer is not uncommon, especially for Facebook; plenty of apps use Facebook’s software development kits (SDK) as a means to implement features into their apps more easily, which also has the effect of sending information to Facebook. But Zoom users may not be aware it is happening, nor understand that when they use one product, they may be providing data to another service altogether.
Earlier today, March 16, Brave filed a formal complaint against Google with the lead General Data Protection Regulation (GDPR) enforcer in Europe.
In a February Cointelegraph interview, Dr. Johnny Ryan, Brave’s chief policy and industry relations officer, explained that Google is abusing its power by sharing user data collected by dozens of its distinct services, creating a “free for all” data warehouse. According to Ryan, this was a clear violation of the GDPR.
Aggravated with the situation and the lack of enforcement against the giant, Ryan promised to take Google to court if things don’t change for the better.
Whisper, a popular social app that lets people anonymously post confessions and secrets, reportedly left a database exposed that tied messages to a user’s age, location and other details. Records for millions of messages were viewable to anyone on a database that was open to the public internet, according to a report Tuesday from The Washington Post.
The database didn’t contain real names but tied anonymous whispers to “a user’s stated age, ethnicity, gender, hometown, nickname and any membership in groups, many of which are devoted to sexual confessions and discussion of sexual orientation and desires,” according to the Post. The data also reportedly included location coordinates for a person’s most recent whisper.
Multiple government-backed hacking groups are exploiting a recently-patched vulnerability in Microsoft Exchange email servers.
The exploitation attempts were first spotted by UK cyber-security firm Volexity on Friday and confirmed today to ZDNet by a source in the DOD.
Volexity did not share the names of the hacking groups exploiting this Exchange vulnerability. Volexity did not return a request for comment for additional details.
The DOD source described the hacking groups as “all the big players,” also declining to name groups or countries.
More than one billion Android devices around the world are vulnerable to attack by hackers because they are no longer supported by security updates and built-in protection, new research by Which? has found.
Based on Google data, two in five of Android users worldwide may no longer be receiving updates, and while these devices won’t immediately have problems, without security support there is an increased risk to the user.
Speaking at the RSA security conference last week, Microsoft engineers said that 99.9% of the compromised accounts they track every month don’t use multi-factor authentication, a solution that stops most automated account attacks.
The cloud giant said it tracks more than 30 billion login events per day and more than one billion monthly active users.
Microsoft said that, on average, around 0.5% of all accounts get compromised each month, a number that in January 2020 was about 1.2 million.
While all account hacks are bad, they are worse when the account is for enterprise use. Of these highly-sensitive accounts, only 11% had a multi-factor authentication (MFA) solution enabled, as of January 2020, Microsoft said.
The Swiss government has filed a criminal complaint relating to the alleged practices of US and German intelligence agencies in spying on other governments over the course of decades.
The complaint in question is centered around Operation Rubicon, the focus of a recent investigation by the Washington Post, ZDF, and SRF into Swiss company Crypto AG.
Crypto AG is a seller of encoded and encrypted devices deemed suitable — and secure enough — for confidential government communications. It is estimated that over 100 governments worldwide have been counted as Crypto AG clients over the course of decades.
Rumors concerning the CIA and its German counterpart BND being able to crack these devices have been around for some time, and now the recent inquiry — which reveals that Crypto AG was owned by these authorities until recently — claims that the agencies deliberately introduced backdoors and weaknesses in products sold by Crypto AG to intercept and eavesdrop on users.
New academic research published last month looked at the phone-home features of six of today’s most popular browsers and found that the Brave browser sent the smallest amount of data about its users back to the browser maker’s servers.
The research, conducted by Douglas J. Leith, a professor at Trinity College at the University of Dublin, looked at Google Chrome, Mozilla Firefox, Apple Safari, Brave, Microsoft Edge (the new Chromium-based version), and the Yandex Browser.
Prof. Leith used a series of automated tests to measure and collect the network communications that a browser initiates to its backend infrastructure. These network communications are also known as telemetry or phoning-home.
Facebook wants you to think it’s consistently increasing transparency about how the company stores and uses your data. But the company still isn’t revealing everything to its users, according to an investigation by Privacy International.
The obvious holes in Facebook’s privacy data exports paint a picture of a company that aims to placate users’ concerns without actually doing anything to change its practices.
Data lists are incomplete — The most pressing issue with Facebook’s downloadable privacy data is that it’s incomplete. Privacy International’s investigation tested the “Ads and Business” section on Facebook’s “Download Your Information” page, which purports to tell users which advertisers have been targeting them with ads.
The investigation found that the list of advertisers actually changes over time, seemingly at random. This essentially makes it impossible for users to develop a full understanding of which advertisers are using their data. In this sense, Facebook’s claims of transparency are inaccurate and misleading.